Overview

overview

10

Static

static

3

bce7e4cfa9...18.exe

windows7-x64

10

bce7e4cfa9...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bce7e4cfa9a078f50cfde463149e5695_JaffaCakes118

  • Size

    225KB

  • Sample

    241203-l8822s1jgv

  • MD5

    bce7e4cfa9a078f50cfde463149e5695

  • SHA1

    523ba95e18b45b4de729205416a8a840f5c04a30

  • SHA256

    fd8e2a796cdacde9d9db4f21d1a7582af52bb202d28dca6f8fe10e8f49d2fa58

  • SHA512

    57ffe8346f56cb61c80ad52e011ba9254a59dbcb3f2fd5bedb28478624bf41907c2e79320d224c90f920a1ac3895a94953e54531890102b2d517322295c13310

  • SSDEEP

    3072:hGvtF7cz+y0qhAosOt5C+vqZh29kuuLA/1bR05O5bTFeR/nYLKNa88Ti/J6:hGvttgdPsOtPvqWkuMm1baOaxonTi/J6

Score
10/10
gandcrabbackdoordiscoverypersistenceransomware

Malware Config

Targets

    • Target

      bce7e4cfa9a078f50cfde463149e5695_JaffaCakes118

    • Size

      225KB

    • MD5

      bce7e4cfa9a078f50cfde463149e5695

    • SHA1

      523ba95e18b45b4de729205416a8a840f5c04a30

    • SHA256

      fd8e2a796cdacde9d9db4f21d1a7582af52bb202d28dca6f8fe10e8f49d2fa58

    • SHA512

      57ffe8346f56cb61c80ad52e011ba9254a59dbcb3f2fd5bedb28478624bf41907c2e79320d224c90f920a1ac3895a94953e54531890102b2d517322295c13310

    • SSDEEP

      3072:hGvtF7cz+y0qhAosOt5C+vqZh29kuuLA/1bR05O5bTFeR/nYLKNa88Ti/J6:hGvttgdPsOtPvqWkuMm1baOaxonTi/J6

    Score
    10/10
    gandcrabbackdoordiscoverypersistenceransomware

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Gandcrab family

      gandcrab

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks