Overview

overview

10

Static

static

10

44ee4abf61...89.exe

windows7_x64

10

44ee4abf61...89.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    44ee4abf61cbe1f7efd0874802eaebcb4d76bcde09b9a8bcc1ef9b357b588689

  • Size

    73KB

  • Sample

    220707-wajplsfcb5

  • MD5

    61097237a103014058a4be404a82db87

  • SHA1

    aebc984f63cb2416c087358a1292aff5a1c03054

  • SHA256

    44ee4abf61cbe1f7efd0874802eaebcb4d76bcde09b9a8bcc1ef9b357b588689

  • SHA512

    894d9fb17660b2553b58a12a1bf49831bb8b1bb324b68d9a91e916104303091d0d3ee4f6ae5f1d614933e43f9d424266732f6992ccfbd1446c1be74b67d725ef

Score
10/10
gandcrabpersistencesuricata

Malware Config

Targets

    • Target

      44ee4abf61cbe1f7efd0874802eaebcb4d76bcde09b9a8bcc1ef9b357b588689

    • Size

      73KB

    • MD5

      61097237a103014058a4be404a82db87

    • SHA1

      aebc984f63cb2416c087358a1292aff5a1c03054

    • SHA256

      44ee4abf61cbe1f7efd0874802eaebcb4d76bcde09b9a8bcc1ef9b357b588689

    • SHA512

      894d9fb17660b2553b58a12a1bf49831bb8b1bb324b68d9a91e916104303091d0d3ee4f6ae5f1d614933e43f9d424266732f6992ccfbd1446c1be74b67d725ef

    Score
    10/10
    persistencesuricata

    • suricata: ET MALWARE Observed GandCrab Domain (gandcrab .bit)

      suricata: ET MALWARE Observed GandCrab Domain (gandcrab .bit)

      suricata

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks