gandcrab | 2d878bc096159c075b2075c441ccf0b44da96c739b4c36cb0b120ff8d4bc4f12 | Triage

Sharing

General

Target

03164545a1e029825e154dbde7f4a4cf_JaffaCakes118
Size

70KB
Sample

240427-myxrpshf4w
MD5

03164545a1e029825e154dbde7f4a4cf
SHA1

1bfd588d1b77656c2238de83cf541debebbcc5c8
SHA256

2d878bc096159c075b2075c441ccf0b44da96c739b4c36cb0b120ff8d4bc4f12
SHA512

d23d43f450d4b5e3d0c0cff73ecb3b06655943a7eaac4e0afca6b5f6f44f11a0f800399467aa1ee47c98f26707910c06c786e09606b9084d5071d1c41ba5b085
SSDEEP

1536:mZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Vd5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab persistence

Malware Config

Targets

- Target
  
  03164545a1e029825e154dbde7f4a4cf_JaffaCakes118
- Size
  
  70KB
- MD5
  
  03164545a1e029825e154dbde7f4a4cf
- SHA1
  
  1bfd588d1b77656c2238de83cf541debebbcc5c8
- SHA256
  
  2d878bc096159c075b2075c441ccf0b44da96c739b4c36cb0b120ff8d4bc4f12
- SHA512
  
  d23d43f450d4b5e3d0c0cff73ecb3b06655943a7eaac4e0afca6b5f6f44f11a0f800399467aa1ee47c98f26707910c06c786e09606b9084d5071d1c41ba5b085
- SSDEEP
  
  1536:mZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:Vd5BJHMqqDL2/Ovvdr
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2