gandcrab | 5c914db85ea7450b415b3b7f6cc3c3f9851db392be734c4acad1bf3a41ac4209 | Triage

Sharing

General

Target

2024-11-01_b989d8a5e15cda28bc6f323e2c3d5ee7_gandcrab
Size

72KB
Sample

241101-g3hkpawmcz
MD5

b989d8a5e15cda28bc6f323e2c3d5ee7
SHA1

9c553c7eeb9594affa3dbd6d8ba3c90915aca4ad
SHA256

5c914db85ea7450b415b3b7f6cc3c3f9851db392be734c4acad1bf3a41ac4209
SHA512

80ae3205ee7b3d5f80f76cf4920b721406c5525b69dfb024763207c8ed0a6adf0dd9ef9dc4d3fd5cb3396a637a82ca4fb9544bf61e9c4f960f8d1e28baa718e8
SSDEEP

1536:0ZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd6:KBounVyFHpfMqqDL2/Lkvd6

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2024-11-01_b989d8a5e15cda28bc6f323e2c3d5ee7_gandcrab
- Size
  
  72KB
- MD5
  
  b989d8a5e15cda28bc6f323e2c3d5ee7
- SHA1
  
  9c553c7eeb9594affa3dbd6d8ba3c90915aca4ad
- SHA256
  
  5c914db85ea7450b415b3b7f6cc3c3f9851db392be734c4acad1bf3a41ac4209
- SHA512
  
  80ae3205ee7b3d5f80f76cf4920b721406c5525b69dfb024763207c8ed0a6adf0dd9ef9dc4d3fd5cb3396a637a82ca4fb9544bf61e9c4f960f8d1e28baa718e8
- SSDEEP
  
  1536:0ZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd6:KBounVyFHpfMqqDL2/Lkvd6
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence