Overview

overview

10

Static

static

10

434e1589a1...af.exe

windows7_x64

6

434e1589a1...af.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    434e1589a145cba9adea19ea913305fd7ff3e3a527fc878de6a80fd7021d34af

  • Size

    69KB

  • Sample

    220707-3bq9eaabb3

  • MD5

    f724b29e1663d12a6cfc282882dab405

  • SHA1

    e9563b73227c6d8033572775199d0e3225f46610

  • SHA256

    434e1589a145cba9adea19ea913305fd7ff3e3a527fc878de6a80fd7021d34af

  • SHA512

    48dfbb7010bfc3fce872585e579e8c09d3934f050f1a5b708fb19d40ad6bc4390b7780993068684e6cb5981b6f54ef1b06cacdf82ffde9c4697e8cfa8fee9a63

Score
10/10
gandcrabpersistencesuricata

Malware Config

Targets

    • Target

      434e1589a145cba9adea19ea913305fd7ff3e3a527fc878de6a80fd7021d34af

    • Size

      69KB

    • MD5

      f724b29e1663d12a6cfc282882dab405

    • SHA1

      e9563b73227c6d8033572775199d0e3225f46610

    • SHA256

      434e1589a145cba9adea19ea913305fd7ff3e3a527fc878de6a80fd7021d34af

    • SHA512

      48dfbb7010bfc3fce872585e579e8c09d3934f050f1a5b708fb19d40ad6bc4390b7780993068684e6cb5981b6f54ef1b06cacdf82ffde9c4697e8cfa8fee9a63

    Score
    10/10
    persistencesuricata

    • suricata: ET MALWARE Observed GandCrab Domain (gandcrab .bit)

      suricata: ET MALWARE Observed GandCrab Domain (gandcrab .bit)

      suricata

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks