gandcrab | f46b03f6d01892a5161e640a7c7a97f5c02247effedf470f646addcd968c0b17 | Triage

Sharing

General

Target

2023-05-07_a6b4b62627b24a11a5ca1d61d549d396_gandcrab
Size

70KB
Sample

230508-dznezsaf6v
MD5

a6b4b62627b24a11a5ca1d61d549d396
SHA1

65cc47d225e2f785875f4854de3105136656eb5f
SHA256

f46b03f6d01892a5161e640a7c7a97f5c02247effedf470f646addcd968c0b17
SHA512

70f67f9f33ec2ebbe80ec8b2d23dba00bd6129391d6fade63f5fa2eee0ef3a4822d1e41f803909d8dabc66fb9c18d16f6eafa9f39bdd5bef5646cd6fc9ced725
SSDEEP

1536:IZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Hd5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab persistence

Malware Config

Targets

- Target
  
  2023-05-07_a6b4b62627b24a11a5ca1d61d549d396_gandcrab
- Size
  
  70KB
- MD5
  
  a6b4b62627b24a11a5ca1d61d549d396
- SHA1
  
  65cc47d225e2f785875f4854de3105136656eb5f
- SHA256
  
  f46b03f6d01892a5161e640a7c7a97f5c02247effedf470f646addcd968c0b17
- SHA512
  
  70f67f9f33ec2ebbe80ec8b2d23dba00bd6129391d6fade63f5fa2eee0ef3a4822d1e41f803909d8dabc66fb9c18d16f6eafa9f39bdd5bef5646cd6fc9ced725
- SSDEEP
  
  1536:IZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Hd5BJHMqqDL2/Ovvdr
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2