General
-
Target
fc43d639ba6ccea886c31aeb8fcac9a0_JaffaCakes118
-
Size
79KB
-
Sample
240928-paf56axfrf
-
MD5
fc43d639ba6ccea886c31aeb8fcac9a0
-
SHA1
f4b8f4baa67561fe82541c0f0ea46937bed40e4a
-
SHA256
de2fb10156d4852276992216e053a0c57fccf1e79051010ebf8299a4e9e253fb
-
SHA512
8d56948802c97e6b1aa261a67aa9d822a89d899733de647427983e501a739de1cb27c7773968e23d840cd59a7fff5e539452167a3ad94cbed074a0be25457eaf
-
SSDEEP
1536:lk+g1W4Pl/aoVhn3NmUOIesSY26vVrXfGX+2KAqJsoQz/goMEutHqkAH:d4Pl/aoVp39Xg+dXf8FKT4/VMx7A
Malware Config
Targets
-
-
Target
sample
-
Size
183KB
-
MD5
07fadb006486953439ce0092651fd7a6
-
SHA1
e42431d37561cc695de03b85e8e99c9e31321742
-
SHA256
d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0
-
SHA512
5b09a07371bb5350b22c78aa3e7e673ba61ce72a964e072749a4633e2c15f416c05953cc6e6f6c586df010aa7f2c9c0ab87a014e4f732e5fdb2d58778a1fb437
-
SSDEEP
3072:Ealy19emgKe0QuYS3UmWuDTEltI3S/7IarDrjCgrQp0M7W:EaqxxDwx/7IS40MS
Score10/10-
Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (274) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1