General
Target: 4091865e279525545484caf09f8f9930dd9afb7397fa5d694b51531b5527688e
Size: 194KB
Sample: 210616-ywcqf8hays
MD5: c1b8bea674020ad71f3e68734231e3ef
SHA1: 8239ff8c3248dd084653560e448857b6428f4e7e
SHA256: 4091865e279525545484caf09f8f9930dd9afb7397fa5d694b51531b5527688e
SHA512: 3ad4ca3d51b0491eef483e5f16ca3f6205cb81d793430e6f368aee0c967e28299ea19bac3732b6ff03f3dbffe3e2a5eb9cd525d7dd5fe64dbd5fd6d4d9cb3e4d
Static task: static1
Behavioral task: behavioral1
  Sample: 4091865e279525545484caf09f8f9930dd9afb7397fa5d694b51531b5527688e.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: 4091865e279525545484caf09f8f9930dd9afb7397fa5d694b51531b5527688e.exe
  Resource: win10v20210408
Malware Config
Extracted from C:\KRAB-DECRYPT.txt: http://gandcrabmfe6mnef.onion/89bf8e5b77f745ce
Extracted from C:\KRAB-DECRYPT.txt: http://gandcrabmfe6mnef.onion/fe4944ecf52cb1a
Targets
Target: 4091865e279525545484caf09f8f9930dd9afb7397fa5d694b51531b5527688e
Score: 10/10
Signatures:
- GandCrab Payload
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.