gandcrab | 9402506e404ace15d4117ecbff1ec502392927f009a52ab7c6e5ac8d6dd7d8e1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2023-05-19_fbe2b388acc24ab9547315833cdf2ffd_gandcrab
Size

70KB
Sample

230520-dbgyascg7s
MD5

fbe2b388acc24ab9547315833cdf2ffd
SHA1

8606010822d28b43e0f89292ac691c961a5673f3
SHA256

9402506e404ace15d4117ecbff1ec502392927f009a52ab7c6e5ac8d6dd7d8e1
SHA512

52eed0f4f3a2f2910f60712379923a384b4b35e3cba55aeca33ab971ccae394138dee6c54d6addafcd319db7e164d2858ad5a18449cb53fbfa4c2055faaaad73
SSDEEP

1536:YZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Xd5BJHMqqDL2/OvvdrH

Score

10^/10

gandcrab persistence

Malware Config

Targets

- Target
  
  2023-05-19_fbe2b388acc24ab9547315833cdf2ffd_gandcrab
- Size
  
  70KB
- MD5
  
  fbe2b388acc24ab9547315833cdf2ffd
- SHA1
  
  8606010822d28b43e0f89292ac691c961a5673f3
- SHA256
  
  9402506e404ace15d4117ecbff1ec502392927f009a52ab7c6e5ac8d6dd7d8e1
- SHA512
  
  52eed0f4f3a2f2910f60712379923a384b4b35e3cba55aeca33ab971ccae394138dee6c54d6addafcd319db7e164d2858ad5a18449cb53fbfa4c2055faaaad73
- SSDEEP
  
  1536:YZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Xd5BJHMqqDL2/OvvdrH
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2