General

  • Target

    921e5cca8ad415390fc230873fbee5df_JaffaCakes118

  • Size

    97KB

  • Sample

    240603-rvh7csah25

  • MD5

    921e5cca8ad415390fc230873fbee5df

  • SHA1

    4df4eec7291f9d41e435832276708900f26ad9b8

  • SHA256

    594955198614f4d1b99da6088e49a9b9842335265585cef50d1620f7548fa681

  • SHA512

    dc422e1e00ad8872cfedd8d469e8a49f967fb1d70d7a2cc400fd416adfe07597de090d87e7e63dac02f779330eec92b6baaa6a3901be429b5a9fd6cb4d87cb8d

  • SSDEEP

    1536:bZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAEMqqU+2bbbAV2/S2LNmHkD:bBounVyFHFMqqDL2/LgHkc2

Malware Config

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v13

  • Persistence

      T1547      Boot or Logon Autostart Execution    1
      T1547.001  Registry Run Keys / Startup Folder    1

  • Privilege Escalation

      T1547      Boot or Logon Autostart Execution    1
      T1547.001  Registry Run Keys / Startup Folder    1

  • Defense Evasion

      T1112      Modify Registry                      1

  • Discovery

      T1012      Query Registry                       2
      T1120      Peripheral Device Discovery          1
      T1082      System Information Discovery         2

Tasks