gandcrab | 44f18dcb7dcc162efefe5194e6c812c3cf7118e6a3600430f15344664c9997e5 | Triage

Sharing

General

Target

44f18dcb7dcc162efefe5194e6c812c3cf7118e6a3600430f15344664c9997e5
Size

243KB
Sample

221223-jc7g8sbc3z
MD5

39f1c5eb9cdf741d98b4092e0a60c19c
SHA1

7c250d7d3ab8fb84c2778e8096539a28771da2e3
SHA256

44f18dcb7dcc162efefe5194e6c812c3cf7118e6a3600430f15344664c9997e5
SHA512

cf2fb9892a64046ece242a22039e6df4af20c95e818b8aad3a08ec13697e40fdd76831764339a7a28e289a9968d857c381298febdc286915f6ed5333ad148d6b
SSDEEP

6144:idJsqqDL6gvdrVVlBnQj6hm+4OzqUFp2hy4z0YXCrHhomarc08Q1wfUGyMR:iBqn6kZdnY6hHd2GgyEGTh50J1uUGyMR

Score

10^/10

gandcrab persistence

Malware Config

Targets

- Target
  
  44f18dcb7dcc162efefe5194e6c812c3cf7118e6a3600430f15344664c9997e5
- Size
  
  243KB
- MD5
  
  39f1c5eb9cdf741d98b4092e0a60c19c
- SHA1
  
  7c250d7d3ab8fb84c2778e8096539a28771da2e3
- SHA256
  
  44f18dcb7dcc162efefe5194e6c812c3cf7118e6a3600430f15344664c9997e5
- SHA512
  
  cf2fb9892a64046ece242a22039e6df4af20c95e818b8aad3a08ec13697e40fdd76831764339a7a28e289a9968d857c381298febdc286915f6ed5333ad148d6b
- SSDEEP
  
  6144:idJsqqDL6gvdrVVlBnQj6hm+4OzqUFp2hy4z0YXCrHhomarc08Q1wfUGyMR:iBqn6kZdnY6hHd2GgyEGTh50J1uUGyMR
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2