gandcrab | f42d876d6a37d837e32a26c68cbead92f72f2888d0358a9814f670093145e037 | Triage

Sharing

General

Target

2024-04-18_c815c62c9047d61372a30ec05b7536cc_gandcrab
Size

69KB
Sample

240418-asyqladf41
MD5

c815c62c9047d61372a30ec05b7536cc
SHA1

2ac5ce4861d67e5c44ce121eab908dd9f5c5d43a
SHA256

f42d876d6a37d837e32a26c68cbead92f72f2888d0358a9814f670093145e037
SHA512

46384453775bc66e7990ea7daf24a72d51475094ece25c8da79535de920d8aba8356f0ff57b109d046e6794bd1d5f7987e6952ddc905f2c03f906b636b582f79
SSDEEP

1536:lZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:5BounVyFHpfMqqDL2/Lkvd

Score

10^/10

gandcrab persistence

Malware Config

Targets

- Target
  
  2024-04-18_c815c62c9047d61372a30ec05b7536cc_gandcrab
- Size
  
  69KB
- MD5
  
  c815c62c9047d61372a30ec05b7536cc
- SHA1
  
  2ac5ce4861d67e5c44ce121eab908dd9f5c5d43a
- SHA256
  
  f42d876d6a37d837e32a26c68cbead92f72f2888d0358a9814f670093145e037
- SHA512
  
  46384453775bc66e7990ea7daf24a72d51475094ece25c8da79535de920d8aba8356f0ff57b109d046e6794bd1d5f7987e6952ddc905f2c03f906b636b582f79
- SSDEEP
  
  1536:lZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:5BounVyFHpfMqqDL2/Lkvd
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2