General

  • Target

    82d3298c8ea8ce22ed9f334f136e158c_JaffaCakes118

  • Size

    73KB

  • Sample

    240530-dd219abh7t

  • MD5

    82d3298c8ea8ce22ed9f334f136e158c

  • SHA1

    41ea64276f7a9b40194d745157b9b6aed8587af8

  • SHA256

    f19b891818af3fc7b6d9646f4f4397913251dbc0a6a17d80484db31b69473e0b

  • SHA512

    18c9dbb5d8c2155dd59bac17548b2e6b6ca4e48b814a09414519619197623178f353ccfd23d61d85096418f0c6f164741ceeca1325237c2d352bfaeff9730190

  • SSDEEP

    1536:ZgSeGDjtQhnwmmB0yjMqqUM2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:ZMSjOnrmBbMqqMmr3IdE8we0Avu5r++N

Score
10/10

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Targets

    • Target

      82d3298c8ea8ce22ed9f334f136e158c_JaffaCakes118

    • Size

      73KB

    • MD5

      82d3298c8ea8ce22ed9f334f136e158c

    • SHA1

      41ea64276f7a9b40194d745157b9b6aed8587af8

    • SHA256

      f19b891818af3fc7b6d9646f4f4397913251dbc0a6a17d80484db31b69473e0b

    • SHA512

      18c9dbb5d8c2155dd59bac17548b2e6b6ca4e48b814a09414519619197623178f353ccfd23d61d85096418f0c6f164741ceeca1325237c2d352bfaeff9730190

    • SSDEEP

      1536:ZgSeGDjtQhnwmmB0yjMqqUM2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:ZMSjOnrmBbMqqMmr3IdE8we0Avu5r++N

    Score
    6/10
    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Tasks