Overview

overview

10

Static

static

10

45d50bae61...19.exe

windows7_x64

10

45d50bae61...19.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    45d50bae6143bc03858015f203302447e443f9be045f4377a54100792d07b019

  • Size

    69KB

  • Sample

    220707-mrk5bsfed8

  • MD5

    e2c14ada12584c448cd9937d54b301d9

  • SHA1

    56e0ecdc400ea7c100b0f62de5374c1f7c1e76f1

  • SHA256

    45d50bae6143bc03858015f203302447e443f9be045f4377a54100792d07b019

  • SHA512

    282dac3a8261765de2175c3b68db14df77be01d1fc8e69d35e58a96fe95508014df839bac8cf824dd9e8ee45f60ea18669f3753ae887f7b9871699d04877fc99

Score
10/10
gandcrabpersistencesuricata

Malware Config

Targets

    • Target

      45d50bae6143bc03858015f203302447e443f9be045f4377a54100792d07b019

    • Size

      69KB

    • MD5

      e2c14ada12584c448cd9937d54b301d9

    • SHA1

      56e0ecdc400ea7c100b0f62de5374c1f7c1e76f1

    • SHA256

      45d50bae6143bc03858015f203302447e443f9be045f4377a54100792d07b019

    • SHA512

      282dac3a8261765de2175c3b68db14df77be01d1fc8e69d35e58a96fe95508014df839bac8cf824dd9e8ee45f60ea18669f3753ae887f7b9871699d04877fc99

    Score
    10/10
    persistencesuricata

    • suricata: ET MALWARE Observed GandCrab Domain (gandcrab .bit)

      suricata: ET MALWARE Observed GandCrab Domain (gandcrab .bit)

      suricata

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks