gandcrab | 53f1c69fb935b68edcabdcc9c9f40ddb6b064363de7ee09c1ee0054ad898c7fb | Triage

Sharing

General

Target

ce8b040ff0e0981dc14972016b0ecaa0_JaffaCakes118
Size

69KB
Sample

240906-d1k19atdnn
MD5

ce8b040ff0e0981dc14972016b0ecaa0
SHA1

63de35bf17c4f4be499efb7d4ef380022858be9a
SHA256

53f1c69fb935b68edcabdcc9c9f40ddb6b064363de7ee09c1ee0054ad898c7fb
SHA512

34b4f82f6149adc7f3ee763ffaa30e04533862fc8b05783009631cb645ecb86ee5a42100df1f4326495b0a00fc846f5ceb5c101c8732452e727d2478ca883f66
SSDEEP

1536:JZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:1BounVyFHpfMqqDL2/Lkvd

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  ce8b040ff0e0981dc14972016b0ecaa0_JaffaCakes118
- Size
  
  69KB
- MD5
  
  ce8b040ff0e0981dc14972016b0ecaa0
- SHA1
  
  63de35bf17c4f4be499efb7d4ef380022858be9a
- SHA256
  
  53f1c69fb935b68edcabdcc9c9f40ddb6b064363de7ee09c1ee0054ad898c7fb
- SHA512
  
  34b4f82f6149adc7f3ee763ffaa30e04533862fc8b05783009631cb645ecb86ee5a42100df1f4326495b0a00fc846f5ceb5c101c8732452e727d2478ca883f66
- SSDEEP
  
  1536:JZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:1BounVyFHpfMqqDL2/Lkvd
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence