Extracted

• • Target

    b6a47fd5a74326b86fa1eac0ace7c821_JaffaCakes118

  • Size

    257KB

  • MD5

    b6a47fd5a74326b86fa1eac0ace7c821

  • SHA1

    08c5d456c3394d851a569d50342a7e06ce508042

  • SHA256

    052a7544e45619190ee911406cdaff1708951c9d0a4070a5f7a69cc541f2e558

  • SHA512

    c61ba4f4d677c0106a0eb8b6ed00c85b9d7797773e4e2ecca216cd3f129c5909b7bccf412657f3dbed017410347180d16ab016908fdbb60e9289385d4c458a11

  • SSDEEP

    6144:t6HHCCm8dRs8UY2KJRZVBY3Vw48b7MA8UPDCcGGWyol8:tUHCudRs8UYRRZVBYlJ67L8MCcGGWyou

  Score

  10^/10

  gandcrabbackdoorpersistenceransomware

  • GandCrab payload

  • Gandcrab

    Gandcrab is a Trojan horse that encrypts files on a computer.

    ransomwarebackdoorgandcrab

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2