General

  • Target

    de8d4faf875306c64e98a7393a397e6b_JaffaCakes118

  • Size

    283KB

  • Sample

    240913-vrt18syhjc

  • MD5

    de8d4faf875306c64e98a7393a397e6b

  • SHA1

    866dd2530f9900d3b30f06f2d6e3387579d5e0ef

  • SHA256

    65ec6bc6bb4cae79f484dd26f3e17529bdc711499c72121740cf5daa12c6cd9a

  • SHA512

    8b53dfe84c5d611ddfc455344534714163f2604e9de23be0c0e0792b5fc0d3b93aa26300c32a453b0ceac97ff593c2326f1fe87dc60c58ed9cfb7150d7ad87d2

  • SSDEEP

    6144:Di4CiCJYfhrtA5Vc3/t7oNX0f3PgrB8hnvtD:DZP1tA5Au6lR

Malware Config

Targets

    • GandCrab payload

    • Gandcrab

      GandCrab is a Trojan horse that encrypts files on the infected computer.

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks