General

  • Target

    JaffaCakes118_aca82e949ab5af392482acacf334cb07

  • Size

    244KB

  • Sample

    250105-smpjvaxpdy

  • MD5

    aca82e949ab5af392482acacf334cb07

  • SHA1

    a74a1cd1bebc9952eeb4d9ece7938d7785299727

  • SHA256

    b56895ad77349d2e59946aa9abf61722715a1382e937e4176551dc285791623d

  • SHA512

    f982dfb3be1e2d689d83fab7c8579eeee8d7845a8f29b47ab092abcf1e30a6d96e5685c11240cc9915a8fc57479d6d59f291f180786e7b6dc26d3796d901bcc9

  • SSDEEP

    3072:WyQC2mC/zuw10GGQ++vroMTPjg/2Y2KfdkYq4vjC3IxbOaeOuMkBAOE6lLxSPNlm:jKuwvJUdkqjtbwqkmOVlLxSG

Targets

    • Target

      JaffaCakes118_aca82e949ab5af392482acacf334cb07

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Gandcrab family

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
