gandcrab | 384da2d49d98b0bab5c7366e4d962e201d05dc0476cff9520c9626ccab18b3a7 | Triage

Sharing

General

Target

202305179f1630adf599e00bc073c27bc45da3fegandcrab
Size

70KB
Sample

230518-q14vksad5t
MD5

9f1630adf599e00bc073c27bc45da3fe
SHA1

ba1c6d24bfd845760ee85a891c05c3b6d95e9bb5
SHA256

384da2d49d98b0bab5c7366e4d962e201d05dc0476cff9520c9626ccab18b3a7
SHA512

4192ddb23cf657f69835194b71cc26c6d490010409912e6aa1db13394f242070b9567d2705e0d04e997cc1913ad159817e8e621e2a027133882d17a99a2c414c
SSDEEP

1536:VZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Ed5BJHMqqDL2/OvvdrH

Score

10^/10

gandcrab persistence

Malware Config

Targets

- Target
  
  202305179f1630adf599e00bc073c27bc45da3fegandcrab
- Size
  
  70KB
- MD5
  
  9f1630adf599e00bc073c27bc45da3fe
- SHA1
  
  ba1c6d24bfd845760ee85a891c05c3b6d95e9bb5
- SHA256
  
  384da2d49d98b0bab5c7366e4d962e201d05dc0476cff9520c9626ccab18b3a7
- SHA512
  
  4192ddb23cf657f69835194b71cc26c6d490010409912e6aa1db13394f242070b9567d2705e0d04e997cc1913ad159817e8e621e2a027133882d17a99a2c414c
- SSDEEP
  
  1536:VZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Ed5BJHMqqDL2/OvvdrH
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2