gandcrab | d7efd62d04dc22298f2baad8b295897eaa6c21e84bda2debf8db294ca2ddae9e | Triage

Sharing

General

Target

2024-11-03_3e90c967f61a27940b1097af983f83de_gandcrab
Size

72KB
Sample

241103-mf993ssckk
MD5

3e90c967f61a27940b1097af983f83de
SHA1

043a615c8b3a22acd7c3b9a0be9d51319f7ad692
SHA256

d7efd62d04dc22298f2baad8b295897eaa6c21e84bda2debf8db294ca2ddae9e
SHA512

27a46b677a802f3b59bea78d2ba56da0d7d382f80c26e524ab093e9c6aedca69a4d75afa2238cc06e013dc19822896b60cc05c92aaada6ba9d4ec34cca806819
SSDEEP

1536:eZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd6:oBounVyFHpfMqqDL2/Lkvd6

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2024-11-03_3e90c967f61a27940b1097af983f83de_gandcrab
- Size
  
  72KB
- MD5
  
  3e90c967f61a27940b1097af983f83de
- SHA1
  
  043a615c8b3a22acd7c3b9a0be9d51319f7ad692
- SHA256
  
  d7efd62d04dc22298f2baad8b295897eaa6c21e84bda2debf8db294ca2ddae9e
- SHA512
  
  27a46b677a802f3b59bea78d2ba56da0d7d382f80c26e524ab093e9c6aedca69a4d75afa2238cc06e013dc19822896b60cc05c92aaada6ba9d4ec34cca806819
- SSDEEP
  
  1536:eZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd6:oBounVyFHpfMqqDL2/Lkvd6
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence