gandcrab | ea34dc54dba6defa5b1b699fd77925ca343f116365cea93c2327e8296fcf7b99 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6b4406f0c778bd08e62ca2f78501da53_gandcrab_JC.exe
Size

70KB
Sample

230822-tydr6afb41
MD5

6b4406f0c778bd08e62ca2f78501da53
SHA1

17e7d1b19114d97d8ddc5e25cd8f69816fca9aa0
SHA256

ea34dc54dba6defa5b1b699fd77925ca343f116365cea93c2327e8296fcf7b99
SHA512

a2d4865a8ea6d584be1ef66e6c48eb00f5c3a97dcab259728476bdeb7821d2240ba255e95c7674d89241a679ae6b58a99df5a2313a7144a8f5184014d045fb5e
SSDEEP

1536:VZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Ed5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab persistence

Malware Config

Targets

- Target
  
  6b4406f0c778bd08e62ca2f78501da53_gandcrab_JC.exe
- Size
  
  70KB
- MD5
  
  6b4406f0c778bd08e62ca2f78501da53
- SHA1
  
  17e7d1b19114d97d8ddc5e25cd8f69816fca9aa0
- SHA256
  
  ea34dc54dba6defa5b1b699fd77925ca343f116365cea93c2327e8296fcf7b99
- SHA512
  
  a2d4865a8ea6d584be1ef66e6c48eb00f5c3a97dcab259728476bdeb7821d2240ba255e95c7674d89241a679ae6b58a99df5a2313a7144a8f5184014d045fb5e
- SSDEEP
  
  1536:VZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Ed5BJHMqqDL2/Ovvdr
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2