gandcrab | 96f0ac3aff6b702d2bcebddfc0320bc3d891a288159c013fe0f3ae60b99636e6 | Triage

Sharing

General

Target

2024-10-23_c5032e29209e266ee61373838f382941_gandcrab
Size

69KB
Sample

241023-b6ncfsxaql
MD5

c5032e29209e266ee61373838f382941
SHA1

5aabab3b0af66b37953ae6692e7b553476225b61
SHA256

96f0ac3aff6b702d2bcebddfc0320bc3d891a288159c013fe0f3ae60b99636e6
SHA512

6fb56c71362dd3bcbbd5d441ca17c92127678f620051214b05a722f092c542c1c9495d961207968858fa5188b12df58743c4e4141a37d1652d6c60b2dfa8c606
SSDEEP

1536:nZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:vBounVyFHpfMqqDL2/Lkvd

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2024-10-23_c5032e29209e266ee61373838f382941_gandcrab
- Size
  
  69KB
- MD5
  
  c5032e29209e266ee61373838f382941
- SHA1
  
  5aabab3b0af66b37953ae6692e7b553476225b61
- SHA256
  
  96f0ac3aff6b702d2bcebddfc0320bc3d891a288159c013fe0f3ae60b99636e6
- SHA512
  
  6fb56c71362dd3bcbbd5d441ca17c92127678f620051214b05a722f092c542c1c9495d961207968858fa5188b12df58743c4e4141a37d1652d6c60b2dfa8c606
- SSDEEP
  
  1536:nZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:vBounVyFHpfMqqDL2/Lkvd
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence