gandcrab | 9e538d96835517188e5ed970e1c0a3510236e6811392aaaa9b202f9c7ba2bb14 | Triage

Sharing

General

Target

12b3221e4315f4316195938ce990430ba038f869c8a8f38706b85d93b0e33fb5.zip
Size

33KB
Sample

230321-qpp72sce7x
MD5

a3f8f978d2caca0d7b380c2de3edbe96
SHA1

f7fd1d21b00d7224836360e5ab81d89f9b21f364
SHA256

9e538d96835517188e5ed970e1c0a3510236e6811392aaaa9b202f9c7ba2bb14
SHA512

a6dfea2897e1d22c9c510c515d4378c54e6a11bd8930231e9e0bd883762a077bcfefb188f78055f889b176f75cf33aedadeab347c79c0189699f987487205b90
SSDEEP

768:GdgRhXjZfThIOxxZGv9AuYUYOrUhb8goA6CkkfYNIU:Gd2j9lxOrUhB6C7Yr

Score

10^/10

gandcrab persistence

Malware Config

Targets

- Target
  
  12b3221e4315f4316195938ce990430ba038f869c8a8f38706b85d93b0e33fb5.exe
- Size
  
  70KB
- MD5
  
  69d9a8ca55d981e263da1188bb7c8097
- SHA1
  
  2fad40421f5c17bcf2ed60882eb0b7cdece79cef
- SHA256
  
  12b3221e4315f4316195938ce990430ba038f869c8a8f38706b85d93b0e33fb5
- SHA512
  
  b6d575acaf24c4e6f6d6f043c793b2f068f63108fc35b26da3d5fb9e644fd112034b5d5cdf637e1929cbdfb3f46b76d7db862cb85f225d95441b953f1504d2db
- SSDEEP
  
  1536:hZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Id5BJHMqqDL2/Ovvdr
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2