gandcrab | 7c71b8f490299056e6dd787d16a469ddeced62d99915dd4a4eac39e746189f65 | Triage

Sharing

General

Target

2024-10-23_afd3a475960db76bb4b94fea9a2a287c_gandcrab
Size

69KB
Sample

241023-fnhfpssbrf
MD5

afd3a475960db76bb4b94fea9a2a287c
SHA1

3ed9c473be660be089e184580290c8e5353e6acd
SHA256

7c71b8f490299056e6dd787d16a469ddeced62d99915dd4a4eac39e746189f65
SHA512

009c9be5610836b44fba7060a9f8a6556d20a69e4171b05b84556189e2c6e08b5edc88559bfca58c9420c6fdfa5c024a99968effee789fc3c2311d0cf658c1fb
SSDEEP

1536:7ZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:7BounVyFHpfMqqDL2/Lkvd

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2024-10-23_afd3a475960db76bb4b94fea9a2a287c_gandcrab
- Size
  
  69KB
- MD5
  
  afd3a475960db76bb4b94fea9a2a287c
- SHA1
  
  3ed9c473be660be089e184580290c8e5353e6acd
- SHA256
  
  7c71b8f490299056e6dd787d16a469ddeced62d99915dd4a4eac39e746189f65
- SHA512
  
  009c9be5610836b44fba7060a9f8a6556d20a69e4171b05b84556189e2c6e08b5edc88559bfca58c9420c6fdfa5c024a99968effee789fc3c2311d0cf658c1fb
- SSDEEP
  
  1536:7ZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:7BounVyFHpfMqqDL2/Lkvd
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence