gandcrab | 382d18d8a618078f74f0afc6803e8915c1d39561d9527ee55185c6d903f505a7 | Triage

Sharing

General

Target

2024-11-02_52b5739a496f95a6366c38c345661613_gandcrab
Size

70KB
Sample

241102-a3bzksymhk
MD5

52b5739a496f95a6366c38c345661613
SHA1

2a9e89dbcd564d5cebd21a1d65cb683406c49949
SHA256

382d18d8a618078f74f0afc6803e8915c1d39561d9527ee55185c6d903f505a7
SHA512

9d2a039cbf94d54aa059839416c8ae5badab0cdae9ee7c620920614e855c7c836b440269a8ed39936f2ff044c71fd563976125a916cf89431077f917da1b943a
SSDEEP

1536:QZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:fd5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2024-11-02_52b5739a496f95a6366c38c345661613_gandcrab
- Size
  
  70KB
- MD5
  
  52b5739a496f95a6366c38c345661613
- SHA1
  
  2a9e89dbcd564d5cebd21a1d65cb683406c49949
- SHA256
  
  382d18d8a618078f74f0afc6803e8915c1d39561d9527ee55185c6d903f505a7
- SHA512
  
  9d2a039cbf94d54aa059839416c8ae5badab0cdae9ee7c620920614e855c7c836b440269a8ed39936f2ff044c71fd563976125a916cf89431077f917da1b943a
- SSDEEP
  
  1536:QZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:fd5BJHMqqDL2/Ovvdr
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence