gandcrab | b76fb3e15b9d03b82382adeea2aa38655ba5d69729e8504a5cf145dac412247a | Triage

Sharing

General

Target

f6d3e8634245afefc444e9129290b1c6_JaffaCakes118
Size

70KB
Sample

240925-zkf81sxapm
MD5

f6d3e8634245afefc444e9129290b1c6
SHA1

df39dcad5f1e4313eb677d614ba8042a456c63a9
SHA256

b76fb3e15b9d03b82382adeea2aa38655ba5d69729e8504a5cf145dac412247a
SHA512

62bc40f1c9b7043426b0476b3a3a4e42d9870e1f89053a524333fe3fe53b1819578812f6bb8dd90cbe22d9d2b826e982c690ddb97edc8973bc942e1a5bdca63f
SSDEEP

1536:+ZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:dd5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  f6d3e8634245afefc444e9129290b1c6_JaffaCakes118
- Size
  
  70KB
- MD5
  
  f6d3e8634245afefc444e9129290b1c6
- SHA1
  
  df39dcad5f1e4313eb677d614ba8042a456c63a9
- SHA256
  
  b76fb3e15b9d03b82382adeea2aa38655ba5d69729e8504a5cf145dac412247a
- SHA512
  
  62bc40f1c9b7043426b0476b3a3a4e42d9870e1f89053a524333fe3fe53b1819578812f6bb8dd90cbe22d9d2b826e982c690ddb97edc8973bc942e1a5bdca63f
- SSDEEP
  
  1536:+ZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:dd5BJHMqqDL2/Ovvdr
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence