gandcrab | dbd95d2979da95bb06d6ea88c8f1e175da4b23423f4eccbb13d334856fba28fb | Triage

Sharing

General

Target

2024-11-21_cff2c6679ce7084bd4cd905bbf9bf073_gandcrab
Size

69KB
Sample

241121-etca7symgw
MD5

cff2c6679ce7084bd4cd905bbf9bf073
SHA1

7a0241bc41a85cef0a5466ba66265bdf6bd8d7e5
SHA256

dbd95d2979da95bb06d6ea88c8f1e175da4b23423f4eccbb13d334856fba28fb
SHA512

fe5d0afbc2b2d4dca8413e03172c3bdfbd5db1540fbdfaf14ce9403260a8ee4f19b52c154f9b47a40dee7b35101b46917b8d7ff4e130c172cfcb9e7ad05696e3
SSDEEP

1536:HZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:PBounVyFHpfMqqDL2/Lkvd

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2024-11-21_cff2c6679ce7084bd4cd905bbf9bf073_gandcrab
- Size
  
  69KB
- MD5
  
  cff2c6679ce7084bd4cd905bbf9bf073
- SHA1
  
  7a0241bc41a85cef0a5466ba66265bdf6bd8d7e5
- SHA256
  
  dbd95d2979da95bb06d6ea88c8f1e175da4b23423f4eccbb13d334856fba28fb
- SHA512
  
  fe5d0afbc2b2d4dca8413e03172c3bdfbd5db1540fbdfaf14ce9403260a8ee4f19b52c154f9b47a40dee7b35101b46917b8d7ff4e130c172cfcb9e7ad05696e3
- SSDEEP
  
  1536:HZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:PBounVyFHpfMqqDL2/Lkvd
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence