General

  • Target

    915a65f6454abb500fb45eed10a9049d_JaffaCakes118

  • Size

    170KB

  • Sample

    240603-lxyryaaf7v

  • MD5

    915a65f6454abb500fb45eed10a9049d

  • SHA1

    fec6a781a66789f98f46abfc02d9e3046b8dd237

  • SHA256

    ba7cc79a6b9ee4973b90ce17f4552a6c8a869ebcda495109e7558788f5dd4581

  • SHA512

    ecaf77e8718ae4de5d79283a7d6c41dc9596437f51da8e0171a9f478557ccdb633df3b71e1d99fd46e05aa4abca52f5465bde7bb3ad2da80ec3ef8503b0df67f

  • SSDEEP

    3072:ERPI6YetSOYyM1PUVDAWpcB3/Az/O9xn6Ln+q7E/kfTOQ5N:ERNYmSlPdOO3/Y/Wyh7B7OQn

Targets

    • GandCrab payload

    • GandCrab

      GandCrab is a Trojan horse that encrypts files on a computer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • T1547 Boot or Logon Autostart Execution: 1

  • T1547.001 Registry Run Keys / Startup Folder: 1

Privilege Escalation

  • T1547 Boot or Logon Autostart Execution: 1

  • T1547.001 Registry Run Keys / Startup Folder: 1

Defense Evasion

  • T1112 Modify Registry: 1

Discovery

  • T1012 Query Registry: 2

  • T1120 Peripheral Device Discovery: 1

  • T1082 System Information Discovery: 2