gandcrab | 5745ab39e594f8a65e33196bef1de6fa421019f23b59319d707ea99d281b00a9 | Triage

Sharing

General

Target

5745ab39e594f8a65e33196bef1de6fa421019f23b59319d707ea99d281b00a9
Size

69KB
Sample

220724-3wa3xsebdp
MD5

7c4dfdb7872e5a6869a1906178c57d0c
SHA1

0692d334698194dd26e06889b1cd7be32096e6da
SHA256

5745ab39e594f8a65e33196bef1de6fa421019f23b59319d707ea99d281b00a9
SHA512

de9a42f6b61262763df75f4dbb66f157f341260ba0bb84ac22902a8f4ceb9576a4f67276ca7d885bb835476c02b25ef560613674297baae73a61a288185dd235

Score

10^/10

gandcrab persistence suricata

Malware Config

Targets

- Target
  
  5745ab39e594f8a65e33196bef1de6fa421019f23b59319d707ea99d281b00a9
- Size
  
  69KB
- MD5
  
  7c4dfdb7872e5a6869a1906178c57d0c
- SHA1
  
  0692d334698194dd26e06889b1cd7be32096e6da
- SHA256
  
  5745ab39e594f8a65e33196bef1de6fa421019f23b59319d707ea99d281b00a9
- SHA512
  
  de9a42f6b61262763df75f4dbb66f157f341260ba0bb84ac22902a8f4ceb9576a4f67276ca7d885bb835476c02b25ef560613674297baae73a61a288185dd235
Score

10^/10

persistence suricata
- suricata: ET MALWARE Observed GandCrab Domain (gandcrab .bit)
  suricata: ET MALWARE Observed GandCrab Domain (gandcrab .bit)
  suricata
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencesuricata

behavioral2

persistencesuricata