General

  • Target

    7fc9f0fba08b7633cc9ed02b44ad24ae_JaffaCakes118

  • Size

    73KB

  • Sample

    240529-g88n3add3v

  • MD5

    7fc9f0fba08b7633cc9ed02b44ad24ae

  • SHA1

    bee6fc6cb0db4fcda4b0fcaf86278460bc786fb4

  • SHA256

    d4369262b0f74e13c652162343d6edfff7c696a480bc447731b1171f0b41e7fd

  • SHA512

    4fa0c1605b205f2fef055e8d28d587b6f346a857ac5e41072b4cee8ba4468730ec1c701190b072d6485847a44f51078edb20c2e9c130e0800b70a51aa427fc1b

  • SSDEEP

    1536:E55u555555555pmgSeGDjtQhnwmmB0ybMqqU+2bbbAV2/S2mr3IdE8mne0Avu5rJ:WMSjOnrmBTMqqDL2/mr3IdE8we0Avu5h

Score
10/10

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

    • Target

      7fc9f0fba08b7633cc9ed02b44ad24ae_JaffaCakes118

    Score
    6/10

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    T1547 Boot or Logon Autostart Execution (1)
    T1547.001 Registry Run Keys / Startup Folder (1)

  • Privilege Escalation

    T1547 Boot or Logon Autostart Execution (1)
    T1547.001 Registry Run Keys / Startup Folder (1)

  • Defense Evasion

    T1112 Modify Registry (1)

  • Discovery

    T1012 Query Registry (2)
    T1120 Peripheral Device Discovery (1)
    T1082 System Information Discovery (2)

Tasks