gandcrab | f6dc7909cc2b7cdaa94ac2817ad85773662d8da807fd85cfd664ecc18a9f6bfe | Triage

Sharing

General

Target

2024-11-10_a09361c4134e0853c443961bb865c784_gandcrab
Size

70KB
Sample

241110-d98tnsykf1
MD5

a09361c4134e0853c443961bb865c784
SHA1

69cded13cf5c7f3942be98c55cd5b5c4f51c3f82
SHA256

f6dc7909cc2b7cdaa94ac2817ad85773662d8da807fd85cfd664ecc18a9f6bfe
SHA512

b91264119769ec50fb32c1cfad14edf510bd07acf5f11e7c1ee135b649d284c3c7b1318a1cedc7a0ad7e7d7c781b0ed7f990ee8705f58aa96de1a1ffd9d0316c
SSDEEP

1536:sZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:zd5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2024-11-10_a09361c4134e0853c443961bb865c784_gandcrab
- Size
  
  70KB
- MD5
  
  a09361c4134e0853c443961bb865c784
- SHA1
  
  69cded13cf5c7f3942be98c55cd5b5c4f51c3f82
- SHA256
  
  f6dc7909cc2b7cdaa94ac2817ad85773662d8da807fd85cfd664ecc18a9f6bfe
- SHA512
  
  b91264119769ec50fb32c1cfad14edf510bd07acf5f11e7c1ee135b649d284c3c7b1318a1cedc7a0ad7e7d7c781b0ed7f990ee8705f58aa96de1a1ffd9d0316c
- SSDEEP
  
  1536:sZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:zd5BJHMqqDL2/Ovvdr
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence