gandcrab | a07e011265b4edbd193c56c8d1dde9759339e1f86d088e201c992a12e6ca295c | Triage

Sharing

General

Target

78c30a3a6acca50c03522ef1eee7658a_gandcrab_JC.exe
Size

69KB
Sample

230805-yv7y2sec92
MD5

78c30a3a6acca50c03522ef1eee7658a
SHA1

3101630f5a3db61b25f7502d73a6041c050ef4dd
SHA256

a07e011265b4edbd193c56c8d1dde9759339e1f86d088e201c992a12e6ca295c
SHA512

f22c4c610715aa6a93a43ec44a812f04d6709b879a62b93d3840ed9366666a19d6aa79c2b5682c184a627da8948b21144bc71f4d5183a7847557ed6a9ad0b4be
SSDEEP

1536:lZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:5BounVyFHpfMqqDL2/Lkvd

Score

10^/10

gandcrab persistence

Malware Config

Targets

- Target
  
  78c30a3a6acca50c03522ef1eee7658a_gandcrab_JC.exe
- Size
  
  69KB
- MD5
  
  78c30a3a6acca50c03522ef1eee7658a
- SHA1
  
  3101630f5a3db61b25f7502d73a6041c050ef4dd
- SHA256
  
  a07e011265b4edbd193c56c8d1dde9759339e1f86d088e201c992a12e6ca295c
- SHA512
  
  f22c4c610715aa6a93a43ec44a812f04d6709b879a62b93d3840ed9366666a19d6aa79c2b5682c184a627da8948b21144bc71f4d5183a7847557ed6a9ad0b4be
- SSDEEP
  
  1536:lZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:5BounVyFHpfMqqDL2/Lkvd
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2