gandcrab | ef1b2bfcc96ea784598e4b3767a95d2e3458947a38a9e72acc1429b3fcf268bd | Triage

Sharing

General

Target

90f4d9485f345239140761faf794087e_gandcrab_JC.exe
Size

70KB
Sample

230825-qhqv1adg3y
MD5

90f4d9485f345239140761faf794087e
SHA1

a0c9653e23a1eef38d0e131ac8853e826cfa574f
SHA256

ef1b2bfcc96ea784598e4b3767a95d2e3458947a38a9e72acc1429b3fcf268bd
SHA512

4ff596ba2c243ec2d58ad18f5ac167d39c364d380ebd8ad15dc28fd656975e64f33cacde3c12e6346b5e62060f2d4ee512c0127bdd05041ddce1f90d7f5bd157
SSDEEP

1536:bZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:ad5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab persistence

Malware Config

Targets

- Target
  
  90f4d9485f345239140761faf794087e_gandcrab_JC.exe
- Size
  
  70KB
- MD5
  
  90f4d9485f345239140761faf794087e
- SHA1
  
  a0c9653e23a1eef38d0e131ac8853e826cfa574f
- SHA256
  
  ef1b2bfcc96ea784598e4b3767a95d2e3458947a38a9e72acc1429b3fcf268bd
- SHA512
  
  4ff596ba2c243ec2d58ad18f5ac167d39c364d380ebd8ad15dc28fd656975e64f33cacde3c12e6346b5e62060f2d4ee512c0127bdd05041ddce1f90d7f5bd157
- SSDEEP
  
  1536:bZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:ad5BJHMqqDL2/Ovvdr
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2