General
Target
4be53abbc3663773fba73cc579d2320fd605fc5e9526004cb16ea6c0188193d2
Size
168KB
Sample
210616-ss9awamfae
MD5
024e1a53342da10feb5355791b54fea1
SHA1
166903446183914166529278790555b6a9f455b9
SHA256
4be53abbc3663773fba73cc579d2320fd605fc5e9526004cb16ea6c0188193d2
SHA512
5dacd247d46387f6b4ac47b28c14857b3f8b0a610460d9d75aa99b554285b8e601e6dda7eaee81c4b7fb826884d1781c2ed47c962db703e1423ad4845f6b3c87
Static task
static1
Behavioral task
behavioral1
Sample
4be53abbc3663773fba73cc579d2320fd605fc5e9526004cb16ea6c0188193d2.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
4be53abbc3663773fba73cc579d2320fd605fc5e9526004cb16ea6c0188193d2.exe
Resource
win10v20210410
Malware Config
Extracted
C:\KRAB-DECRYPT.txt
http://gandcrabmfe6mnef.onion/c17ad45d64879341
Extracted
C:\KRAB-DECRYPT.txt
http://gandcrabmfe6mnef.onion/d0978a417d8c7fd3
Targets
Target
4be53abbc3663773fba73cc579d2320fd605fc5e9526004cb16ea6c0188193d2
Score
10/10

GandCrab Payload

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Drops startup file

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.