gandcrab | 2d7c27ddbc3c3b2db0dc9ece17848c4f09b810c5b9e273383b4c84356417f191 | Triage

Sharing

General

Target

2024-11-03_9fa6daa0b16d68aaf37a9acb5cb8424e_gandcrab
Size

72KB
Sample

241103-gb4c3syrfq
MD5

9fa6daa0b16d68aaf37a9acb5cb8424e
SHA1

6fa76f38f84bbea2a8b904869af967829f609c99
SHA256

2d7c27ddbc3c3b2db0dc9ece17848c4f09b810c5b9e273383b4c84356417f191
SHA512

b5f3850936e175a2bb12a90c46d63d9672639f96a63d47c23e55fe1961767dc37441ddbdb3c8b19d45f8348ae265faa365a908a653b7c1795a40d4f8ff061135
SSDEEP

1536:AZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd6:uBounVyFHpfMqqDL2/Lkvd6

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2024-11-03_9fa6daa0b16d68aaf37a9acb5cb8424e_gandcrab
- Size
  
  72KB
- MD5
  
  9fa6daa0b16d68aaf37a9acb5cb8424e
- SHA1
  
  6fa76f38f84bbea2a8b904869af967829f609c99
- SHA256
  
  2d7c27ddbc3c3b2db0dc9ece17848c4f09b810c5b9e273383b4c84356417f191
- SHA512
  
  b5f3850936e175a2bb12a90c46d63d9672639f96a63d47c23e55fe1961767dc37441ddbdb3c8b19d45f8348ae265faa365a908a653b7c1795a40d4f8ff061135
- SSDEEP
  
  1536:AZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd6:uBounVyFHpfMqqDL2/Lkvd6
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence