gandcrab | 8106d0d16c6dc9924972eff857f596303b08a5db166d85eb9be13f679b2deb6c | Triage

Sharing

General

Target

2024-11-17_65a7542c290e4a790e8203825338e947_gandcrab
Size

69KB
Sample

241117-lb81sawkg1
MD5

65a7542c290e4a790e8203825338e947
SHA1

fe9a18960644112b49e174f1dac696d663fbee56
SHA256

8106d0d16c6dc9924972eff857f596303b08a5db166d85eb9be13f679b2deb6c
SHA512

183fa69b4f65942540f81d0e8a2bddd92966a1a153aa5037b89c5e1750da82252911b30dd13708bc1685b2145f647f6dbdb1be6c0b073227f36b8f2199d58e97
SSDEEP

768:LXIxo9TZkKFN7Vf3sohEJH5co/iej2JWOkKgTiGMqWNUMFAHJ9E3lvd6s:jIxo9TNFA9coqlWOkKgdMqqUM2Lkvd6

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2024-11-17_65a7542c290e4a790e8203825338e947_gandcrab
- Size
  
  69KB
- MD5
  
  65a7542c290e4a790e8203825338e947
- SHA1
  
  fe9a18960644112b49e174f1dac696d663fbee56
- SHA256
  
  8106d0d16c6dc9924972eff857f596303b08a5db166d85eb9be13f679b2deb6c
- SHA512
  
  183fa69b4f65942540f81d0e8a2bddd92966a1a153aa5037b89c5e1750da82252911b30dd13708bc1685b2145f647f6dbdb1be6c0b073227f36b8f2199d58e97
- SSDEEP
  
  768:LXIxo9TZkKFN7Vf3sohEJH5co/iej2JWOkKgTiGMqWNUMFAHJ9E3lvd6s:jIxo9TNFA9coqlWOkKgdMqqUM2Lkvd6
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence