gandcrab | 1e296fec8e08eb1496a35b489ec0f53b16bd43a5ae4de33cfd3f1664fdf7aa3f | Triage

Sharing

General

Target

808a037f1fe3dfc0552b1d8c69ff93a8_JaffaCakes118
Size

69KB
Sample

241030-269tkavkek
MD5

808a037f1fe3dfc0552b1d8c69ff93a8
SHA1

9bb666b01dbbbb8e6f6c6078156f76a05d2c34df
SHA256

1e296fec8e08eb1496a35b489ec0f53b16bd43a5ae4de33cfd3f1664fdf7aa3f
SHA512

d40361ba78f0c5112f023f96a82c2bb54cb58147567c093cc892b8869c29a3f102e713a7253a6778fc54ada7bfe36c6742b1e70ffca55b4ed806b8d936a65dfe
SSDEEP

1536:/ZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:XBounVyFHpfMqqDL2/Lkvd

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  808a037f1fe3dfc0552b1d8c69ff93a8_JaffaCakes118
- Size
  
  69KB
- MD5
  
  808a037f1fe3dfc0552b1d8c69ff93a8
- SHA1
  
  9bb666b01dbbbb8e6f6c6078156f76a05d2c34df
- SHA256
  
  1e296fec8e08eb1496a35b489ec0f53b16bd43a5ae4de33cfd3f1664fdf7aa3f
- SHA512
  
  d40361ba78f0c5112f023f96a82c2bb54cb58147567c093cc892b8869c29a3f102e713a7253a6778fc54ada7bfe36c6742b1e70ffca55b4ed806b8d936a65dfe
- SSDEEP
  
  1536:/ZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:XBounVyFHpfMqqDL2/Lkvd
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence