gandcrab | bb991fca7c49a462e444ca4beea52b7efcdc2ceaa3fa8e675ee55984ac221ee0 | Triage

Sharing

General

Target

76b8ac4e354950ae184aad3ce40a3db7_JaffaCakes118
Size

69KB
Sample

240526-y5zenaah5z
MD5

76b8ac4e354950ae184aad3ce40a3db7
SHA1

c1a2b09436bce3b7eb15cb7e0810410f8efdd865
SHA256

bb991fca7c49a462e444ca4beea52b7efcdc2ceaa3fa8e675ee55984ac221ee0
SHA512

13f4356a85d190783aaf901643e87a6f1387d78b21ea8ec70ea7ef307946041c9a2c58728112b9cc03885f556b087388431c86604fa3f298aaf5c098e47f2588
SSDEEP

1536:PZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:nBounVyFHpfMqqDL2/Lkvd

Score

10^/10

gandcrab persistence

Malware Config

Targets

- Target
  
  76b8ac4e354950ae184aad3ce40a3db7_JaffaCakes118
- Size
  
  69KB
- MD5
  
  76b8ac4e354950ae184aad3ce40a3db7
- SHA1
  
  c1a2b09436bce3b7eb15cb7e0810410f8efdd865
- SHA256
  
  bb991fca7c49a462e444ca4beea52b7efcdc2ceaa3fa8e675ee55984ac221ee0
- SHA512
  
  13f4356a85d190783aaf901643e87a6f1387d78b21ea8ec70ea7ef307946041c9a2c58728112b9cc03885f556b087388431c86604fa3f298aaf5c098e47f2588
- SSDEEP
  
  1536:PZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:nBounVyFHpfMqqDL2/Lkvd
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2