General

  • Target

    938eaac63817be30c17978c36a14d45d_JaffaCakes118

  • Size

    312KB

  • Sample

    240604-ehj7nscc7w

  • MD5

    938eaac63817be30c17978c36a14d45d

  • SHA1

    7e5c44b5e4902be84203aca41207bd265de8c6e0

  • SHA256

    c935594e2d39435daa0b1aa4e8bcd2783317beb4a5c6575991ed9db7c79695c9

  • SHA512

    c4e601b0c6a1ce72191a5d27bb0fe265a54fc1e22aab1ffbc292bb763fece260e0186bdabc7076a4c15a5faa211bbb6e2e14e189bd3d4bcf1eb7134ce5d44c46

  • SSDEEP

    3072:ob9chCbs07hdRhduItP/emDHBNTXn7BS4FI0rzBNZ237Qct7PX432gwbNTfSmovd:o3s0DwyemtpnFD/c7QUA32bNTFeHDt

Malware Config

Targets

    • Target

      938eaac63817be30c17978c36a14d45d_JaffaCakes118

    • Size

      312KB

    • MD5

      938eaac63817be30c17978c36a14d45d

    • SHA1

      7e5c44b5e4902be84203aca41207bd265de8c6e0

    • SHA256

      c935594e2d39435daa0b1aa4e8bcd2783317beb4a5c6575991ed9db7c79695c9

    • SHA512

      c4e601b0c6a1ce72191a5d27bb0fe265a54fc1e22aab1ffbc292bb763fece260e0186bdabc7076a4c15a5faa211bbb6e2e14e189bd3d4bcf1eb7134ce5d44c46

    • SSDEEP

      3072:ob9chCbs07hdRhduItP/emDHBNTXn7BS4FI0rzBNZ237Qct7PX432gwbNTfSmovd:o3s0DwyemtpnFD/c7QUA32bNTFeHDt

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Tasks