gandcrab | 129604be82cd7adc0751d71f0fb7ff6e33ae281e3c50426df2373d3d90882dab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e0cdb6c68296002fc982e6634812a4c1_JaffaCakes118
Size

70KB
Sample

240914-xd722szakm
MD5

e0cdb6c68296002fc982e6634812a4c1
SHA1

36a3105134c558a91e10380321deff4a2324e89b
SHA256

129604be82cd7adc0751d71f0fb7ff6e33ae281e3c50426df2373d3d90882dab
SHA512

8d534c88ddf091edc8b268b5fd2bef52113772ca7bab768ab5171e643d306530178c669d32fad9cd90fea63ed6ecbb6ee69376552de6e71a0f8b6fcccce2eba1
SSDEEP

1536:+ZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:dd5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  e0cdb6c68296002fc982e6634812a4c1_JaffaCakes118
- Size
  
  70KB
- MD5
  
  e0cdb6c68296002fc982e6634812a4c1
- SHA1
  
  36a3105134c558a91e10380321deff4a2324e89b
- SHA256
  
  129604be82cd7adc0751d71f0fb7ff6e33ae281e3c50426df2373d3d90882dab
- SHA512
  
  8d534c88ddf091edc8b268b5fd2bef52113772ca7bab768ab5171e643d306530178c669d32fad9cd90fea63ed6ecbb6ee69376552de6e71a0f8b6fcccce2eba1
- SSDEEP
  
  1536:+ZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:dd5BJHMqqDL2/Ovvdr
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence