gandcrab | 1c4cdeccd86cca35608ddd3842ae03ce67027ef00c0c970c81fd4fd3e8d11e51 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

72ce87aa9a55e7c77d96c18966239b23_JaffaCakes118
Size

70KB
Sample

240525-wpnl4sdc74
MD5

72ce87aa9a55e7c77d96c18966239b23
SHA1

f92af9ce6fd92ab1428beef493b93261e88de8bf
SHA256

1c4cdeccd86cca35608ddd3842ae03ce67027ef00c0c970c81fd4fd3e8d11e51
SHA512

0fad15ca46085abb327ce9760b92b5ddb222eaed443d565de3a7e0b08b0d76bdc92297adebb36e2387fb1d56dc0fe5ee1c3ccb7d4f86652967c0db172dd11bce
SSDEEP

1536:XZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:+d5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab persistence

Malware Config

Targets

- Target
  
  72ce87aa9a55e7c77d96c18966239b23_JaffaCakes118
- Size
  
  70KB
- MD5
  
  72ce87aa9a55e7c77d96c18966239b23
- SHA1
  
  f92af9ce6fd92ab1428beef493b93261e88de8bf
- SHA256
  
  1c4cdeccd86cca35608ddd3842ae03ce67027ef00c0c970c81fd4fd3e8d11e51
- SHA512
  
  0fad15ca46085abb327ce9760b92b5ddb222eaed443d565de3a7e0b08b0d76bdc92297adebb36e2387fb1d56dc0fe5ee1c3ccb7d4f86652967c0db172dd11bce
- SSDEEP
  
  1536:XZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:+d5BJHMqqDL2/Ovvdr
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2