General

  • Target

    7e4bf4bf57f43dafedcca0b84e443ab8_JaffaCakes118

  • Size

    73KB

  • Sample

    240528-y9lz5acc55

  • MD5

    7e4bf4bf57f43dafedcca0b84e443ab8

  • SHA1

    b9aceaf0ad458c3f030a698a295c0c87a87270db

  • SHA256

    f05aac673ea577cde8df9fd1903ab3f8fcbefe7d8dbec1d21d8da1c503077235

  • SHA512

    b28c0d36d9326def162ef6cd8bec797a1210f60835374cf0d5625d9b31a43868b7419db758766c492742c80ede7d1397ac7e1eb97906841cf2ee7b6636603904

  • SSDEEP

    1536:HgSeGDjtQhnwmmB0yjMqqUM2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:HMSjOnrmBbMqqMmr3IdE8we0Avu5r++N

Score
10/10

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

    • Target

      7e4bf4bf57f43dafedcca0b84e443ab8_JaffaCakes118

    • Size

      73KB

    • MD5

      7e4bf4bf57f43dafedcca0b84e443ab8

    • SHA1

      b9aceaf0ad458c3f030a698a295c0c87a87270db

    • SHA256

      f05aac673ea577cde8df9fd1903ab3f8fcbefe7d8dbec1d21d8da1c503077235

    • SHA512

      b28c0d36d9326def162ef6cd8bec797a1210f60835374cf0d5625d9b31a43868b7419db758766c492742c80ede7d1397ac7e1eb97906841cf2ee7b6636603904

    • SSDEEP

      1536:HgSeGDjtQhnwmmB0yjMqqUM2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:HMSjOnrmBbMqqMmr3IdE8we0Avu5r++N

    Score
    6/10
    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Tasks