gandcrab | 636076e8b5a558454640393270ed292df71f9982a9aec27263b35c5c37034d5e | Triage

Sharing

General

Target

2024-11-03_6fb82131a9776be7bcab14488e9edef8_gandcrab
Size

70KB
Sample

241103-mtm2pssepk
MD5

6fb82131a9776be7bcab14488e9edef8
SHA1

47f72614123d3d159f50b1c97ce878105ce596c1
SHA256

636076e8b5a558454640393270ed292df71f9982a9aec27263b35c5c37034d5e
SHA512

927047c60313972f0bd207d726b2a47156842e5c5bf18940f64edbc636d8ef1d4da3eea57d192f51205da2e35c14160b4a095828237810d74cbbfeb14d3b7df9
SSDEEP

1536:WZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Fd5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2024-11-03_6fb82131a9776be7bcab14488e9edef8_gandcrab
- Size
  
  70KB
- MD5
  
  6fb82131a9776be7bcab14488e9edef8
- SHA1
  
  47f72614123d3d159f50b1c97ce878105ce596c1
- SHA256
  
  636076e8b5a558454640393270ed292df71f9982a9aec27263b35c5c37034d5e
- SHA512
  
  927047c60313972f0bd207d726b2a47156842e5c5bf18940f64edbc636d8ef1d4da3eea57d192f51205da2e35c14160b4a095828237810d74cbbfeb14d3b7df9
- SSDEEP
  
  1536:WZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Fd5BJHMqqDL2/Ovvdr
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence