General

  • Target

    95c46f5c597084196911a309bc15e878_JaffaCakes118

  • Size

    321KB

  • Sample

    240604-wl4h6afc49

  • MD5

    95c46f5c597084196911a309bc15e878

  • SHA1

    4d24d8fe28d22b36e31d9be822c3d2005b4c49b5

  • SHA256

    40008cbb7c827f74cbba7dd50c5ebcc0da3a06c4d669c96b97977ddd4fb50277

  • SHA512

    2137dea3d9878f40be2f757665fa5681a9dd5d327c1e69a127e041a2595cbbc867e4482d0da576cd59334680edb6e1fa27f70ab06bef494320d66e4d1ee71f70

  • SSDEEP

    6144:NfwD/eHK1rGTAOfrIV/QHxOtJkkgYsGGdzK:NfwDz1+q4Hsi+

Malware Config

Targets

    • Target

      95c46f5c597084196911a309bc15e878_JaffaCakes118

    • Size

      321KB

    • MD5

      95c46f5c597084196911a309bc15e878

    • SHA1

      4d24d8fe28d22b36e31d9be822c3d2005b4c49b5

    • SHA256

      40008cbb7c827f74cbba7dd50c5ebcc0da3a06c4d669c96b97977ddd4fb50277

    • SHA512

      2137dea3d9878f40be2f757665fa5681a9dd5d327c1e69a127e041a2595cbbc867e4482d0da576cd59334680edb6e1fa27f70ab06bef494320d66e4d1ee71f70

    • SSDEEP

      6144:NfwD/eHK1rGTAOfrIV/QHxOtJkkgYsGGdzK:NfwDz1+q4Hsi+

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Tasks