General

  • Target

    3fb9f8f49e9baa63e0a4e089e81ff7a0248b36242127b404b3350def3379d69c

  • Size

    97KB

  • Sample

    220630-x895wsbge9

  • MD5

    c8ac54af2d63524a527838ef2685b2e2

  • SHA1

    391ea69e8377bdc364c5564cb2918a4f0e6abe51

  • SHA256

    3fb9f8f49e9baa63e0a4e089e81ff7a0248b36242127b404b3350def3379d69c

  • SHA512

    1800f16572601722f998312b3b3eda443caf6e10e7de1cd8f0e9a6b03f0197932348217110b8cfb79e244ca0a5296b84566beccd883b638e083dc09c29ff42ad

Malware Config

Targets

    • Target

      3fb9f8f49e9baa63e0a4e089e81ff7a0248b36242127b404b3350def3379d69c

    • suricata: ET MALWARE Observed GandCrab Domain (gandcrab .bit)

      suricata: ET MALWARE Observed GandCrab Domain (gandcrab .bit)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
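A static check that ties the General section to the "UPX packed file" signature: it verifies a file on disk against the four digests the report lists and walks the PE section table for the UPX0/UPX1 names and the "UPX!" marker that stock UPX leaves behind. This is an added example for this page, not the sandbox's own signature code; the UPX heuristic, the helper names and the constructed test PE are assumptions made here, and the real 97KB sample is not embedded.

```python
"""Static triage of a file against the hashes and the UPX signature listed
in this report.  Added example: the functions, the constructed test PE and
the UPX heuristic are this page's illustration, not the sandbox's code."""
import hashlib
import struct

# The four digests exactly as listed in the report's General section.
EXPECTED = {
    "md5": "c8ac54af2d63524a527838ef2685b2e2",
    "sha1": "391ea69e8377bdc364c5564cb2918a4f0e6abe51",
    "sha256": "3fb9f8f49e9baa63e0a4e089e81ff7a0248b36242127b404b3350def3379d69c",
    "sha512": "1800f16572601722f998312b3b3eda443caf6e10e7de1cd8f0e9a6b03f0197932348217110b8cfb79e244ca0a5296b84566beccd883b638e083dc09c29ff42ad",
}


def hash_bytes(data: bytes) -> dict:
    """Compute all four digests of the file contents."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in EXPECTED}


def matches_report(data: bytes) -> dict:
    """Per-algorithm comparison against the report.  A file is the listed
    sample only if every entry is True; one True among Falses would point
    at a transcription error in the report rather than a match."""
    actual = hash_bytes(data)
    return {algo: actual[algo] == digest for algo, digest in EXPECTED.items()}


def pe_section_names(data: bytes) -> list:
    """Walk the PE section table and return the section names.
    Returns [] for anything that is not a well-formed PE header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER (20 bytes)
    if len(data) < coff + 20:
        return []
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size             # IMAGE_SECTION_HEADER[0]
    names = []
    for i in range(num_sections):
        off = table + 40 * i
        if off + 40 > len(data):
            break                            # truncated section table
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic behind a 'UPX packed file' signature: stock UPX names its
    sections UPX0/UPX1 and writes a 'UPX!' marker after the section table.
    Modified UPX builds often rename the sections, so both checks are kept;
    a build that also strips the marker evades this check (caveat)."""
    if any(name.upper().startswith("UPX") for name in pe_section_names(data)):
        return True
    return b"UPX!" in data


def build_fake_pe(section_names) -> bytes:
    """Constructed minimal PE32 image for testing: DOS stub, COFF header,
    zeroed optional header and the given section names.  Not the sample."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0                          # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    packed = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])
    print("sections:", pe_section_names(packed), "upx:", looks_upx_packed(packed))
    print("matches report:", matches_report(packed))
```

To check a real file, read it in binary mode and pass the bytes to `matches_report`; any mismatch on one algorithm only means the report's copy of that digest should be distrusted, not the file.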

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder: T1060 (1 hit)

  • Defense Evasion

    Modify Registry: T1112 (1 hit)

  • Discovery

    Query Registry: T1012 (2 hits)
    Peripheral Device Discovery: T1120 (1 hit)
    System Information Discovery: T1082 (2 hits)

  The technique IDs are ATT&CK v6 identifiers, as the report states; T1060 in particular has since been retired and folded into T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder), so translate the IDs before searching a current version of the knowledge base.
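The behavioural signatures above, run as detection logic over constructed sandbox-style events and rolled up into the per-technique counts the matrix shows. This is an added example, not the sandbox's own signature engine: the event schema, the regexes and the choice of which v6 technique each signature maps to are assumptions made here (only the signatures with a visible description on the page are implemented; the Suricata rule is reported under its own name because the report maps it to no technique).

```python
"""Behavioural detection of the signatures this report lists, run over
constructed sandbox-style events.  Added example: the event schema, the
rules and the signature-to-ATT&CK v6 mapping are assumptions made here for
illustration, not the sandbox's own signature engine."""
import re
from collections import Counter

# HKCU/HKLM ...\CurrentVersion\Run and RunOnce (T1060 in ATT&CK v6).
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Root of any drive other than the default C:, with or without the \\?\ prefix.
NON_C_ROOT = re.compile(r"^(\\\\\?\\)?([A-BD-Z]):\\$", re.IGNORECASE)
# The domain named in the ET rule, matched on the queried name as a DNS rule would.
GANDCRAB_BIT = re.compile(r"(^|\.)gandcrab\.bit$", re.IGNORECASE)


def check_event(ev: dict) -> list:
    """Return (signature, technique) pairs triggered by one event.
    Techniques are the v6 IDs from the report's matrix; 'suricata' marks
    the network rule, which the report does not map to a technique."""
    hits = []
    kind, path = ev.get("type"), ev.get("path", "")
    if kind == "registry_set" and RUN_KEY.search(path):
        hits.append(("Adds Run key to start application", "T1060"))
        hits.append(("Modify Registry", "T1112"))
    elif kind == "file_open" and NON_C_ROOT.match(path):
        hits.append(("Enumerates connected drives", "T1120"))
    elif kind == "dns_query" and GANDCRAB_BIT.search(ev.get("name", "")):
        hits.append(("ET MALWARE Observed GandCrab Domain (gandcrab .bit)", "suricata"))
    return hits


def attack_summary(events) -> dict:
    """Count hits per technique, i.e. the numbers shown in the matrix."""
    counts = Counter()
    for ev in events:
        for _sig, technique in check_event(ev):
            counts[technique] += 1
    return dict(counts)


# Constructed events in the shape a sandbox might emit; not from the report.
SAMPLE_EVENTS = [
    {"type": "registry_set",
     "path": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater",
     "value": "C:\\Users\\user\\AppData\\Roaming\\updater.exe"},
    {"type": "file_open", "path": "\\\\?\\D:\\"},
    {"type": "file_open", "path": "C:\\Users\\user\\Documents\\notes.txt"},
    {"type": "file_open", "path": "\\\\?\\C:\\"},          # default drive: not a hit
    {"type": "dns_query", "name": "gandcrab.bit"},
    {"type": "dns_query", "name": "time.windows.com"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        for sig, tech in check_event(ev):
            print(f"{tech:9} {sig}")
    print(attack_summary(SAMPLE_EVENTS))
```

Note that a single Run-key write counts once under Persistence and once under Defense Evasion, which is why a matrix can show more technique hits than there are signatures.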

Tasks