gandcrab | 99bbe2139edd67b78e8e540097e2749282ed1f1973ab4ef525c7ffa289e54a5e | Triage

Sharing

General

Target

2024-12-31_829d9b14dbdf07257ba98af914d2b882_gandcrab
Size

70KB
Sample

241231-st1wfswpgv
MD5

829d9b14dbdf07257ba98af914d2b882
SHA1

6bdf5e5de437e5c17c1e5dd132aa44ad1c98058e
SHA256

99bbe2139edd67b78e8e540097e2749282ed1f1973ab4ef525c7ffa289e54a5e
SHA512

05fc3742638ba20d2abd3e20b8aab9f2d60e75237ea42599b6fad5d60a0ae6ea88f388e3983f991a953187208b5c6496dd5df7906e8aeb10f23728dd425d2645
SSDEEP

1536:TZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Cd5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2024-12-31_829d9b14dbdf07257ba98af914d2b882_gandcrab
- Size
  
  70KB
- MD5
  
  829d9b14dbdf07257ba98af914d2b882
- SHA1
  
  6bdf5e5de437e5c17c1e5dd132aa44ad1c98058e
- SHA256
  
  99bbe2139edd67b78e8e540097e2749282ed1f1973ab4ef525c7ffa289e54a5e
- SHA512
  
  05fc3742638ba20d2abd3e20b8aab9f2d60e75237ea42599b6fad5d60a0ae6ea88f388e3983f991a953187208b5c6496dd5df7906e8aeb10f23728dd425d2645
- SSDEEP
  
  1536:TZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Cd5BJHMqqDL2/Ovvdr
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence