General

  • Target

    019c15658de59da119e453fb0ad85a8b_JaffaCakes118

  • Size

    321KB

  • Sample

    240426-zcn9nace6v

  • MD5

    019c15658de59da119e453fb0ad85a8b

  • SHA1

    e9bfa8813807f8ccb4199135db923de260af3353

  • SHA256

    c6d64429e163bd862c900bfaf8f73ad4690907046c50e44cca5ca556c9071f01

  • SHA512

    287e42c7ba1428a4b60fc5ee6c44fa207fa3a8e20e57787ba91e06f1c4b4cdca0fa219e52e4f772579cb43ae96e1a5ea927c895d201c6c73a2b6190dd288b59c

  • SSDEEP

    6144:cfwD/eHK1rGTAOfrIV/QHxOtJkkgYsGGdzKLk:cfwDz1+q4Hsi+Lk

Malware Config

Targets

    • GandCrab payload

    • GandCrab

      GandCrab is a Trojan horse that encrypts files on the infected computer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

      Boot or Logon Autostart Execution (T1547): 1
      Registry Run Keys / Startup Folder (T1547.001): 1

  • Privilege Escalation

      Boot or Logon Autostart Execution (T1547): 1
      Registry Run Keys / Startup Folder (T1547.001): 1

  • Defense Evasion

      Modify Registry (T1112): 1

  • Discovery

      Query Registry (T1012): 2
      Peripheral Device Discovery (T1120): 1
      System Information Discovery (T1082): 2

Tasks