gandcrab | 063efc194a47cf834885b76d0de5eaf4f307ba2aecd97de0e6eb4b8826baa7cc | Triage

Sharing

General

Target

2024-11-02_82b23baf9127508b43a352164f0a38d0_gandcrab
Size

71KB
Sample

241102-gctv2axrbz
MD5

82b23baf9127508b43a352164f0a38d0
SHA1

165dbbba92120a6da077e821b992ef701a61c21b
SHA256

063efc194a47cf834885b76d0de5eaf4f307ba2aecd97de0e6eb4b8826baa7cc
SHA512

1063859a094dd602f4728f13cac6dbb3a36370a0a5d83795e95fb6b08b660e5e88c55e1019770ec30f68e09ad2251bca4d4362aadae30af09143b5db5421937f
SSDEEP

1536:SZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2LkvdW:0BounVyFHpfMqqDL2/LkvdW

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2024-11-02_82b23baf9127508b43a352164f0a38d0_gandcrab
- Size
  
  71KB
- MD5
  
  82b23baf9127508b43a352164f0a38d0
- SHA1
  
  165dbbba92120a6da077e821b992ef701a61c21b
- SHA256
  
  063efc194a47cf834885b76d0de5eaf4f307ba2aecd97de0e6eb4b8826baa7cc
- SHA512
  
  1063859a094dd602f4728f13cac6dbb3a36370a0a5d83795e95fb6b08b660e5e88c55e1019770ec30f68e09ad2251bca4d4362aadae30af09143b5db5421937f
- SSDEEP
  
  1536:SZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2LkvdW:0BounVyFHpfMqqDL2/LkvdW
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2