gandcrab | 70255af3afbd59e6a72ebaf47fddd5df321b3f7faa2acafd72d1212b76391607 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2023-06-05_18ba062fda7eff3432883bc8238ab67a_gandcrab
Size

70KB
Sample

230606-jyedkscf86
MD5

18ba062fda7eff3432883bc8238ab67a
SHA1

a71e797868abdebce8e0b41f331b62a298047eeb
SHA256

70255af3afbd59e6a72ebaf47fddd5df321b3f7faa2acafd72d1212b76391607
SHA512

3ec7d423573f6a2d5a66caf27ef82a9d13d2c52b3dcd8b0a70273ff7524bbac6d288e13e6a23660423e384ce8e7ab7888af83ddb1f4b09845456611d6f2ccd35
SSDEEP

1536:aZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:xd5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab persistence

Malware Config

Targets

- Target
  
  2023-06-05_18ba062fda7eff3432883bc8238ab67a_gandcrab
- Size
  
  70KB
- MD5
  
  18ba062fda7eff3432883bc8238ab67a
- SHA1
  
  a71e797868abdebce8e0b41f331b62a298047eeb
- SHA256
  
  70255af3afbd59e6a72ebaf47fddd5df321b3f7faa2acafd72d1212b76391607
- SHA512
  
  3ec7d423573f6a2d5a66caf27ef82a9d13d2c52b3dcd8b0a70273ff7524bbac6d288e13e6a23660423e384ce8e7ab7888af83ddb1f4b09845456611d6f2ccd35
- SSDEEP
  
  1536:aZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:xd5BJHMqqDL2/Ovvdr
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2