gandcrab | 5f212359d21fb6c9bcebadbb24db187900b127c4484d74032f88e037f0cc4194 | Triage

Sharing

General

Target

65a5b64aba683d72a593e762873e1c7e_JaffaCakes118
Size

69KB
Sample

240522-cmp8daha56
MD5

65a5b64aba683d72a593e762873e1c7e
SHA1

8975abb4008cca62c58ee3872c8dad217d2f10c8
SHA256

5f212359d21fb6c9bcebadbb24db187900b127c4484d74032f88e037f0cc4194
SHA512

a0c572aed94e782b652ddae883bf0511010147f41fdbb29b0c69182c8979eff351d33d7f0a270a3d1bba22e4a59b6651b6ce6f65c13bc77cbe0bad5e6132b18c
SSDEEP

1536:eZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:oBounVyFHpfMqqDL2/Lkvd

Score

10^/10

gandcrab persistence

Malware Config

Targets

- Target
  
  65a5b64aba683d72a593e762873e1c7e_JaffaCakes118
- Size
  
  69KB
- MD5
  
  65a5b64aba683d72a593e762873e1c7e
- SHA1
  
  8975abb4008cca62c58ee3872c8dad217d2f10c8
- SHA256
  
  5f212359d21fb6c9bcebadbb24db187900b127c4484d74032f88e037f0cc4194
- SHA512
  
  a0c572aed94e782b652ddae883bf0511010147f41fdbb29b0c69182c8979eff351d33d7f0a270a3d1bba22e4a59b6651b6ce6f65c13bc77cbe0bad5e6132b18c
- SSDEEP
  
  1536:eZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:oBounVyFHpfMqqDL2/Lkvd
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2