gandcrab | c29c545819bf556787d920164c5ad6ae9da655c62fa6b9ac2614bea4823e208e | Triage

Submit
Reports

Overview

overview

Static

static

b3c70a9d0c...18.exe

windows7-x64

6

b3c70a9d0c...18.exe

windows10-2004-x64

6

Sharing

General

Target

b3c70a9d0c3fe47f89a0ed6a4d7ca9ac_JaffaCakes118
Size

73KB
Sample

240616-qwdgtsvfkd
MD5

b3c70a9d0c3fe47f89a0ed6a4d7ca9ac
SHA1

6a27f0fc169bc443747f8d5f2aba80c1d3a6e0b5
SHA256

c29c545819bf556787d920164c5ad6ae9da655c62fa6b9ac2614bea4823e208e
SHA512

d3a68f381f78aaf82574aca1665bc7ad6b6b063caa8763f6d7ea58b949a17b5002d0c15d4d18feaa10f0ffd35512eaf7f859db97a2faf8ce02e1c2686f2dcdbc
SSDEEP

1536:Q55u555555555pmgSeGDjtQhnwmmB0ybMqqU+2bbbAV2/S2mr3IdE8mne0Avu5rJ:iMSjOnrmBTMqqDL2/mr3IdE8we0Avu5h

Score

10^/10

gandcrab persistence

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

b3c70a9d0c3fe47f89a0ed6a4d7ca9ac_JaffaCakes118.exe

Resource

win7-20240611-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

b3c70a9d0c3fe47f89a0ed6a4d7ca9ac_JaffaCakes118.exe

Resource

win10v2004-20240611-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

- Target
  
  b3c70a9d0c3fe47f89a0ed6a4d7ca9ac_JaffaCakes118
- Size
  
  73KB
- MD5
  
  b3c70a9d0c3fe47f89a0ed6a4d7ca9ac
- SHA1
  
  6a27f0fc169bc443747f8d5f2aba80c1d3a6e0b5
- SHA256
  
  c29c545819bf556787d920164c5ad6ae9da655c62fa6b9ac2614bea4823e208e
- SHA512
  
  d3a68f381f78aaf82574aca1665bc7ad6b6b063caa8763f6d7ea58b949a17b5002d0c15d4d18feaa10f0ffd35512eaf7f859db97a2faf8ce02e1c2686f2dcdbc
- SSDEEP
  
  1536:Q55u555555555pmgSeGDjtQhnwmmB0ybMqqU+2bbbAV2/S2mr3IdE8mne0Avu5rJ:iMSjOnrmBTMqqDL2/mr3IdE8we0Avu5h
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy