gandcrab | 2d95384efa8b5e2477ef63e61a120167568e046576c5f88b6650f804eeb790de | Triage

Sharing

General

Target

2024-10-28_0570705887617be1fb79abef476b1656_gandcrab
Size

72KB
Sample

241028-e5h8wsyjfm
MD5

0570705887617be1fb79abef476b1656
SHA1

4553836f81d088a3f05f3a8edb910cbbe5a15a94
SHA256

2d95384efa8b5e2477ef63e61a120167568e046576c5f88b6650f804eeb790de
SHA512

d8e232e084421f85eb7e756f7a9518f8aa4be98a46042d109c6ece5a2d65e6437a29959f1c1fee17bf6c9cb5e26f12e90f7167737c3c87a048fd2049c690280b
SSDEEP

1536:IZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd6:GBounVyFHpfMqqDL2/Lkvd6

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2024-10-28_0570705887617be1fb79abef476b1656_gandcrab
- Size
  
  72KB
- MD5
  
  0570705887617be1fb79abef476b1656
- SHA1
  
  4553836f81d088a3f05f3a8edb910cbbe5a15a94
- SHA256
  
  2d95384efa8b5e2477ef63e61a120167568e046576c5f88b6650f804eeb790de
- SHA512
  
  d8e232e084421f85eb7e756f7a9518f8aa4be98a46042d109c6ece5a2d65e6437a29959f1c1fee17bf6c9cb5e26f12e90f7167737c3c87a048fd2049c690280b
- SSDEEP
  
  1536:IZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd6:GBounVyFHpfMqqDL2/Lkvd6
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence