General

  • Target

    8dad424addb70e3cca4ac059a954934c_JaffaCakes118

  • Size

    302KB

  • Sample

    240602-lylh1aae58

  • MD5

    8dad424addb70e3cca4ac059a954934c

  • SHA1

    784899ac5bd24102a60b3e1aef07997cc6f8c87c

  • SHA256

    df9f17fe77dfe2b670bfc9802a483e53e6bcbd703cc9e60064d0d591fcb2a0ad

  • SHA512

    6843e5b38375667086c889a5baff645a3d6c8c8e9f351ff1e25fe8be16c7d8d7993fa767da20ded1d866983fbed424a0bd364fa2c53528433666b22f52f3c600

  • SSDEEP

    3072:mBA/6WEMymdhdmledaPvl2mAg0FujcSzZ83vPudl1wpMICzTQk6gnEi1UAJ9urHz:OsYMcBHAO4yZX/vQk6gEQUAJ9h6CcjL

Malware Config

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v13

Persistence

  • Boot or Logon Autostart Execution, T1547 (1)

  • Registry Run Keys / Startup Folder, T1547.001 (1)

Privilege Escalation

  • Boot or Logon Autostart Execution, T1547 (1)

  • Registry Run Keys / Startup Folder, T1547.001 (1)

Defense Evasion

  • Modify Registry, T1112 (1)

Discovery

  • Query Registry, T1012 (2)

  • Peripheral Device Discovery, T1120 (1)

  • System Information Discovery, T1082 (2)

Tasks