gandcrab | 44915a42c811f148b618fe1c2c6adf9557a72224738f2a3fbcc503d8c0b0dcb9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-03_ae092dedb2cbdd64c31e16472bf829ab_gandcrab
Size

69KB
Sample

240203-gb6s7scgal
MD5

ae092dedb2cbdd64c31e16472bf829ab
SHA1

8544c1032e40f10f89d49ab236a85f20fb35b588
SHA256

44915a42c811f148b618fe1c2c6adf9557a72224738f2a3fbcc503d8c0b0dcb9
SHA512

309d7dcd91c02bd94d289a0c45a39ca9493cd423e15eeb16d2a600a112d32444c6ffe2b6e91f9c1b2af5f290802762960748bed31a6fe01bfbadf743e02be406
SSDEEP

1536:pZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:VBounVyFHpfMqqDL2/Lkvd

Score

10^/10

gandcrab persistence

Malware Config

Targets

- Target
  
  2024-02-03_ae092dedb2cbdd64c31e16472bf829ab_gandcrab
- Size
  
  69KB
- MD5
  
  ae092dedb2cbdd64c31e16472bf829ab
- SHA1
  
  8544c1032e40f10f89d49ab236a85f20fb35b588
- SHA256
  
  44915a42c811f148b618fe1c2c6adf9557a72224738f2a3fbcc503d8c0b0dcb9
- SHA512
  
  309d7dcd91c02bd94d289a0c45a39ca9493cd423e15eeb16d2a600a112d32444c6ffe2b6e91f9c1b2af5f290802762960748bed31a6fe01bfbadf743e02be406
- SSDEEP
  
  1536:pZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:VBounVyFHpfMqqDL2/Lkvd
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2