Overview

overview

10

Static

static

7

45e7826967...18.exe

windows7-x64

10

45e7826967...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    45e7826967170a3f678adeb339256d0e_JaffaCakes118

  • Size

    276KB

  • Sample

    240330-2dnevsga61

  • MD5

    45e7826967170a3f678adeb339256d0e

  • SHA1

    7f4186153dc40a74b258acd7b55a99d31f6b6302

  • SHA256

    0fc122026ff887be142999d6d85fd363b461c912bd27f96221a7123d4629ceec

  • SHA512

    d5d288d48545481ade9f2e23dc41b98997d60abf3dae9966648cc6e8532717409b3eb43be03f1c79849d881ce46f225b5e05100e134fa97fc2736b843776955b

  • SSDEEP

    6144:/a1G8FVA6adUedCqdo1NGKXmhYvWVQMBCXaFhWzAJM:8FG6adUncu8Ykv2aFhUN

Score
10/10
gandcrabbackdoorpersistenceransomwareupx

Malware Config

Targets

    • Target

      45e7826967170a3f678adeb339256d0e_JaffaCakes118

    • Size

      276KB

    • MD5

      45e7826967170a3f678adeb339256d0e

    • SHA1

      7f4186153dc40a74b258acd7b55a99d31f6b6302

    • SHA256

      0fc122026ff887be142999d6d85fd363b461c912bd27f96221a7123d4629ceec

    • SHA512

      d5d288d48545481ade9f2e23dc41b98997d60abf3dae9966648cc6e8532717409b3eb43be03f1c79849d881ce46f225b5e05100e134fa97fc2736b843776955b

    • SSDEEP

      6144:/a1G8FVA6adUedCqdo1NGKXmhYvWVQMBCXaFhWzAJM:8FG6adUncu8Ykv2aFhUN

    Score
    10/10
    gandcrabbackdoorpersistenceransomwareupx

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks