ToDesk_Lite.exe

General

Target: ToDesk_Lite.exe
Size: 6MB
Sample: 210702-mee6653ca6
Score: 10/10
MD5: ce5ab2494fc91c67248bbdb085b747c2
SHA1: bdc554a291a4c4e2bf2490522aa70d0ff262cba7
SHA256: 4a36398050b818b3ea0067685fc31cedbe3efa017ae741774c527c9391ec26a6
SHA512: a60d8225cf8c497f8364adde5467ba6872fd56692650b324815c7eec676e263776be8f7aa442e21d3cb733d5d7544d4e6001a2f8a5834f1b834c9de222b0cbc0


Signatures

  • GandCrab Payload

  • Gandcrab
    Description: Gandcrab is a Trojan horse that encrypts files on a computer.

  • Deletes shadow copies
    Description: Ransomware often targets backup files to inhibit system recovery.
    TTPs: File Deletion; Inhibit System Recovery

  • Modifies boot configuration data using bcdedit
    TTPs: Inhibit System Recovery

  • Executes dropped EXE

  • UPX packed file
    Description: Detects executables packed with UPX or a modified UPX open source packer.

  • Loads dropped DLL

  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Drops desktop.ini file(s)

  • Enumerates connected drives
    Description: Attempts to read the root path of hard drives other than the default C: drive.
    TTPs: Query Registry; Peripheral Device Discovery; System Information Discovery

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry
    TTPs: Defacement; Modify Registry

MITRE ATT&CK Matrix

Tactic columns: Collection; Command and Control; Credential Access; Exfiltration; Initial Access; Lateral Movement; Privilege Escalation

Tasks

  • static1: 8/10
  • behavioral2: 5/10