General

  • Target

    4cc6022962d3329883a97e0c56fdac74_JaffaCakes118

  • Size

    258KB

  • Sample

    241016-pcxkxssejk

  • MD5

    4cc6022962d3329883a97e0c56fdac74

  • SHA1

    67befc30f375c3d91dfc662a55ab1eabb2616525

  • SHA256

    dae36f8338849e78668bcc852a32fc3d4797afa55c352873d6d7c4f244d71bf7

  • SHA512

    9d92f769f2514048a7c86ad70ecad829f7a443605c4acd39a0a8b3b46d6f8e1dba5103c09f63f886dae2a66b366e859aea6b77d7f75a82482a53e3f73de91c6a

  • SSDEEP

    6144:1f7Q4jqxi1HL8xm1e4lcEtM7appYNADniVSp+IZb:Npjqxip1R1tBESDniVSp+IZb

Targets

    • Target

      4cc6022962d3329883a97e0c56fdac74_JaffaCakes118

    • GandCrab payload

    • GandCrab

      GandCrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
