gandcrab | b1d023d8834959f297b84f83ff4bc09e63ad9576ecb1b11eaf1f63de5fc3cf71 | Triage

Sharing

General

Target

2024-04-18_5e0d51633af39456376cb9ade0220936_gandcrab
Size

70KB
Sample

240418-jhgtrsgd4y
MD5

5e0d51633af39456376cb9ade0220936
SHA1

b695d5c790a2a4e0d23ed22610fd0ed833c514c2
SHA256

b1d023d8834959f297b84f83ff4bc09e63ad9576ecb1b11eaf1f63de5fc3cf71
SHA512

99838bbcf8b6a1f42a23d3743317b62568f25bf23b369748de1ea9c4f9db4dd26920a701309d4f671c863b0c876c14f9e7ab2c33c5dd781421ce886b4f6f61e6
SSDEEP

1536:kZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:7d5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab persistence

Malware Config

Targets

- Target
  
  2024-04-18_5e0d51633af39456376cb9ade0220936_gandcrab
- Size
  
  70KB
- MD5
  
  5e0d51633af39456376cb9ade0220936
- SHA1
  
  b695d5c790a2a4e0d23ed22610fd0ed833c514c2
- SHA256
  
  b1d023d8834959f297b84f83ff4bc09e63ad9576ecb1b11eaf1f63de5fc3cf71
- SHA512
  
  99838bbcf8b6a1f42a23d3743317b62568f25bf23b369748de1ea9c4f9db4dd26920a701309d4f671c863b0c876c14f9e7ab2c33c5dd781421ce886b4f6f61e6
- SSDEEP
  
  1536:kZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:7d5BJHMqqDL2/Ovvdr
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2