gandcrab | 649ce9dea3ac9cb2fc47939ceb6f0cdfe4f06dfae49e0d711c0f4816de68a422 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2023-05-11_6fac2c7228d8d762186d0505a18bbea7_gandcrab
Size

70KB
Sample

230512-dczjqsbe53
MD5

6fac2c7228d8d762186d0505a18bbea7
SHA1

a67d9026ebeec5edb95fb50fe1cf72d7aa2bcc76
SHA256

649ce9dea3ac9cb2fc47939ceb6f0cdfe4f06dfae49e0d711c0f4816de68a422
SHA512

f140623351bf2f23f94358aecfba54d2c1f4bb3ea98686f278e16ed96ccf608f456f9fd4b7f9387712e9eea64d57a7cfac10dd2acf24dcb7168c5a4e185fff74
SSDEEP

1536:OZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:td5BJHMqqDL2/OvvdrH

Score

10^/10

gandcrab persistence

Malware Config

Targets

- Target
  
  2023-05-11_6fac2c7228d8d762186d0505a18bbea7_gandcrab
- Size
  
  70KB
- MD5
  
  6fac2c7228d8d762186d0505a18bbea7
- SHA1
  
  a67d9026ebeec5edb95fb50fe1cf72d7aa2bcc76
- SHA256
  
  649ce9dea3ac9cb2fc47939ceb6f0cdfe4f06dfae49e0d711c0f4816de68a422
- SHA512
  
  f140623351bf2f23f94358aecfba54d2c1f4bb3ea98686f278e16ed96ccf608f456f9fd4b7f9387712e9eea64d57a7cfac10dd2acf24dcb7168c5a4e185fff74
- SSDEEP
  
  1536:OZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:td5BJHMqqDL2/OvvdrH
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2