General

  • Target

    b6a47fd5a74326b86fa1eac0ace7c821_JaffaCakes118

  • Size

    257KB

  • Sample

    240617-eh4w3stakb

  • MD5

    b6a47fd5a74326b86fa1eac0ace7c821

  • SHA1

    08c5d456c3394d851a569d50342a7e06ce508042

  • SHA256

    052a7544e45619190ee911406cdaff1708951c9d0a4070a5f7a69cc541f2e558

  • SHA512

    c61ba4f4d677c0106a0eb8b6ed00c85b9d7797773e4e2ecca216cd3f129c5909b7bccf412657f3dbed017410347180d16ab016908fdbb60e9289385d4c458a11

  • SSDEEP

    6144:t6HHCCm8dRs8UY2KJRZVBY3Vw48b7MA8UPDCcGGWyol8:tUHCudRs8UYRRZVBYlJ67L8MCcGGWyou

Malware Config

Extracted

  • Family

    gandcrab

  • C2

    http://gdcbghvjyqy7jclk.onion.top/

    The host is a .onion address served through a Tor2Web gateway (onion.top), so the sample reaches the hidden service over ordinary clearnet DNS and HTTP without bundling a Tor client. Block or alert on the exact host and on the gateway suffix, not only on the .onion name.

Targets


    • GandCrab payload

    • Gandcrab

      GandCrab is a ransomware family, distributed as ransomware-as-a-service, that encrypts files on the infected computer and demands payment for the decryption key.

    • Adds Run key to start application

      Writes an autostart value under a CurrentVersion\Run key so the payload is launched again at the next logon (T1547.001).

    • Enumerates connected drives

      Reads the root path of drives other than the default C: drive, which ransomware typically does to locate additional volumes to encrypt.

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                 Technique                              ID           Count
  Persistence            Boot or Logon Autostart Execution      T1547        1
                         Registry Run Keys / Startup Folder     T1547.001    1
  Privilege Escalation   Boot or Logon Autostart Execution      T1547        1
                         Registry Run Keys / Startup Folder     T1547.001    1
  Defense Evasion        Modify Registry                        T1112        1
  Discovery              Query Registry                         T1012        2
                         Peripheral Device Discovery            T1120        1
                         System Information Discovery           T1082        2
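The behaviours in this report (the Run-key persistence behind T1547.001, the Tor2Web C2 host, and the sample's SHA256) are what a responder would hunt for in endpoint telemetry. The following is an added example and not part of the sandbox report: it runs three rules over Sysmon-style events rendered as simplified JSON lines (EventID 1 ProcessCreate with a Hashes field, EventID 13 RegistryEvent value set, EventID 22 DnsQuery). The sample events are constructed for illustration, and `evaluate`, `hunt` and `parse_hashes` are names chosen here, not part of any tool.

```python
"""Hunt for the behaviours in this report in Sysmon-style telemetry (added example)."""
import json
import re

# Indicators copied from the report above.
SAMPLE_SHA256 = "052a7544e45619190ee911406cdaff1708951c9d0a4070a5f7a69cc541f2e558"
C2_HOST = "gdcbghvjyqy7jclk.onion.top"

# T1547.001: autostart values under ...\CurrentVersion\Run or \RunOnce (HKLM or HKCU).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Tor2Web gateways (onion.top, onion.ws, ...) expose hidden services over clearnet DNS.
TOR2WEB_RE = re.compile(r"\.onion\.[a-z]+$", re.IGNORECASE)


def parse_hashes(field):
    """Turn Sysmon's 'MD5=..,SHA256=..' Hashes field into a dict of lowercase digests."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, digest = part.split("=", 1)
            out[algo.strip().upper()] = digest.strip().lower()
    return out


def evaluate(event):
    """Return (label, reason) when one event matches a rule, else None."""
    eid = event.get("EventID")
    if eid == 1:  # ProcessCreate: known-bad file hash
        if parse_hashes(event.get("Hashes", "")).get("SHA256") == SAMPLE_SHA256:
            return ("GandCrab payload", "known sample executed: %s" % event.get("Image"))
    elif eid == 13:  # RegistryEvent (value set): Run / RunOnce persistence
        target = event.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            return ("T1547.001", "autostart value %s -> %s" % (target, event.get("Details")))
    elif eid == 22:  # DnsQuery: the known C2 host, or any Tor2Web gateway
        name = event.get("QueryName", "").lower()
        if name == C2_HOST:
            return ("C2", "lookup of known GandCrab C2 host %s" % name)
        if TOR2WEB_RE.search(name):
            return ("C2", "lookup of Tor2Web gateway %s" % name)
    return None


def hunt(lines):
    """Run every rule over JSON-lines events; returns the (label, reason) hits in order."""
    hits = []
    for line in lines:
        line = line.strip()
        if line:
            match = evaluate(json.loads(line))
            if match:
                hits.append(match)
    return hits


# Constructed sample events (not real telemetry); backslashes are JSON-escaped.
SAMPLE_EVENTS = r"""
{"EventID": 1, "Image": "C:\\Users\\victim\\Downloads\\invoice.exe", "Hashes": "MD5=b6a47fd5a74326b86fa1eac0ace7c821,SHA256=052a7544e45619190ee911406cdaff1708951c9d0a4070a5f7a69cc541f2e558"}
{"EventID": 13, "Image": "C:\\Users\\victim\\Downloads\\invoice.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\abc", "Details": "C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\abc.exe"}
{"EventID": 13, "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden", "Details": "DWORD (0x00000001)"}
{"EventID": 22, "Image": "C:\\Users\\victim\\Downloads\\invoice.exe", "QueryName": "gdcbghvjyqy7jclk.onion.top"}
{"EventID": 22, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "QueryName": "www.example.com"}
""".strip().splitlines()


if __name__ == "__main__":
    for label, reason in hunt(SAMPLE_EVENTS):
        print(label, "-", reason)
```

The Run-key rule deliberately matches the key path rather than the value name or the written binary, since GandCrab (like most ransomware) uses a random value name; the Tor2Web rule catches the gateway family in case the operator moves the same .onion service to another suffix.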
