gandcrab | ca94333fe3c5529a9a0bd7566f265ea0d74d8109d25ebfba8f2c8dc15e9e9ea5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2023-05-13_07781d97ebb99ed33f4d90dc01b19c5f_gandcrab
Size

70KB
Sample

230514-jfcf9sbb36
MD5

07781d97ebb99ed33f4d90dc01b19c5f
SHA1

174f7491d068a1e3ecc5883edd10c77486368a71
SHA256

ca94333fe3c5529a9a0bd7566f265ea0d74d8109d25ebfba8f2c8dc15e9e9ea5
SHA512

10c90797bbaf3af6ee95b0199a1add292ebaa0aa49f55e0febf331699d02338c21b49a266e953c3274c4cadf9640d6342244b4d07979f349c6c92b5c4db561d6
SSDEEP

1536:vZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Gd5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab persistence

Malware Config

Targets

- Target
  
  2023-05-13_07781d97ebb99ed33f4d90dc01b19c5f_gandcrab
- Size
  
  70KB
- MD5
  
  07781d97ebb99ed33f4d90dc01b19c5f
- SHA1
  
  174f7491d068a1e3ecc5883edd10c77486368a71
- SHA256
  
  ca94333fe3c5529a9a0bd7566f265ea0d74d8109d25ebfba8f2c8dc15e9e9ea5
- SHA512
  
  10c90797bbaf3af6ee95b0199a1add292ebaa0aa49f55e0febf331699d02338c21b49a266e953c3274c4cadf9640d6342244b4d07979f349c6c92b5c4db561d6
- SSDEEP
  
  1536:vZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Gd5BJHMqqDL2/Ovvdr
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2