gandcrab | 8d23e97838b5491b02922371386ba5e87f1573e6c8e534a7d5526bacdac2f3f8 | Triage

Sharing

General

Target

ea9b7685ed59341334fa1c601e5010c3_JaffaCakes118
Size

69KB
Sample

240919-fb9z7a1fpg
MD5

ea9b7685ed59341334fa1c601e5010c3
SHA1

54691f18582a7c942e52deae0d18af2f57d9d4ce
SHA256

8d23e97838b5491b02922371386ba5e87f1573e6c8e534a7d5526bacdac2f3f8
SHA512

74993c0218165a74635245dd9697c8a772c8621dfed110adf7bea7e47fadfd1318ea3b662758880042223a3f9b741f2ce260242fbe92b3157dbc9ce5398bbfab
SSDEEP

1536:9ZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:hBounVyFHpfMqqDL2/Lkvd

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  ea9b7685ed59341334fa1c601e5010c3_JaffaCakes118
- Size
  
  69KB
- MD5
  
  ea9b7685ed59341334fa1c601e5010c3
- SHA1
  
  54691f18582a7c942e52deae0d18af2f57d9d4ce
- SHA256
  
  8d23e97838b5491b02922371386ba5e87f1573e6c8e534a7d5526bacdac2f3f8
- SHA512
  
  74993c0218165a74635245dd9697c8a772c8621dfed110adf7bea7e47fadfd1318ea3b662758880042223a3f9b741f2ce260242fbe92b3157dbc9ce5398bbfab
- SSDEEP
  
  1536:9ZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:hBounVyFHpfMqqDL2/Lkvd
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence