gandcrab | 58885b6aa3db3239ec6edc271c0613e8c54c705222ea6dab1e25250990581cf1 | Triage

Sharing

General

Target

0607034a90e6e2e2d718f5c1494c2740346d0fff288f15da99ee544f9b6c9c17.zip
Size

33KB
Sample

230321-qppxaace7v
MD5

b1110710468dba3c2f6a06ba96d57eef
SHA1

91c8e974d1bcf5123a8879c964af6a875ca4b38b
SHA256

58885b6aa3db3239ec6edc271c0613e8c54c705222ea6dab1e25250990581cf1
SHA512

30d817104c200604c393b3b413ffbe8be02a3c0d6ad62d74c79233ef1bc2f4d25f42a74e7bfa1e469cfe22a2fb2371cba8694971bed4b3d8038394b7c7666177
SSDEEP

768:VCrfJmJvLWrPFb7tEfofu1qHhMFaOE7gCj3I/vADGIJOqelT2UiNNa95:4rfoJv6l7vfu0HmFazgCKADHJOqelCRA

Score

10^/10

gandcrab persistence

Malware Config

Targets

- Target
  
  0607034a90e6e2e2d718f5c1494c2740346d0fff288f15da99ee544f9b6c9c17.exe
- Size
  
  70KB
- MD5
  
  3ebbc8bc763bce9c935d41fdd0193731
- SHA1
  
  221d69986a6f03b96fe704605cce73b3861d092e
- SHA256
  
  0607034a90e6e2e2d718f5c1494c2740346d0fff288f15da99ee544f9b6c9c17
- SHA512
  
  58d5b53657d08416b52b1d0200682354411f4161764245f441135b83e7d026830d87c2a98a1f545fe5c483145c88d1b9f309a15767004f58cae9a55866c728fa
- SSDEEP
  
  1536:jZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Sd5BJHMqqDL2/Ovvdr
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2