gandcrab | 3f9bf32d4248e01acb1914645dca5cb863fffd6d2649ba5fde3b46064183dbd6 | Triage

Sharing

General

Target

3f9bf32d4248e01acb1914645dca5cb863fffd6d2649ba5fde3b46064183dbd6
Size

70KB
Sample

220630-31e8fadbfq
MD5

bd8c603bfd3a71bd207af479ca431ff8
SHA1

a614bb89daa11ad79ac2363302ad09179576a328
SHA256

3f9bf32d4248e01acb1914645dca5cb863fffd6d2649ba5fde3b46064183dbd6
SHA512

932e44ae592beb667232988725f0486b42cf42900d10de64bdc3226b52f8ce344cddd303ca3a47bea64ec49f688c8aa25d2b82d25df37343d2b8c721be76457f

Score

10^/10

gandcrab persistence

Malware Config

Targets

- Target
  
  3f9bf32d4248e01acb1914645dca5cb863fffd6d2649ba5fde3b46064183dbd6
- Size
  
  70KB
- MD5
  
  bd8c603bfd3a71bd207af479ca431ff8
- SHA1
  
  a614bb89daa11ad79ac2363302ad09179576a328
- SHA256
  
  3f9bf32d4248e01acb1914645dca5cb863fffd6d2649ba5fde3b46064183dbd6
- SHA512
  
  932e44ae592beb667232988725f0486b42cf42900d10de64bdc3226b52f8ce344cddd303ca3a47bea64ec49f688c8aa25d2b82d25df37343d2b8c721be76457f
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2