General
Target: 9b5b364a32c759ada38bdc4cbfaad3ed8dc333f87796e27eef52a96d43c821a2.sample
Size: 471KB
Sample: 210726-6trmjvfj4s
MD5: 335859768d9a489eab3e3cbd157fb98f
SHA1: 18c379b521788fc610623129ec3960de0f15f19d
SHA256: 9b5b364a32c759ada38bdc4cbfaad3ed8dc333f87796e27eef52a96d43c821a2
SHA512: 69576fa9a499ce667b011a9108c4cd9c276992709b89d930bb6bb8afbf28adf696faa391e7a1e928414a573f549dcccf43c91862a7017be914bcb1f10fea206c
Static task: static1
Behavioral task: behavioral1
  Sample: 9b5b364a32c759ada38bdc4cbfaad3ed8dc333f87796e27eef52a96d43c821a2.sample.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: 9b5b364a32c759ada38bdc4cbfaad3ed8dc333f87796e27eef52a96d43c821a2.sample.exe
  Resource: win10v20210408
Malware Config
Extracted from C:\HBTFGVFTN-DECRYPT.txt:
  http://gandcrabmfe6mnef.onion/bea656dae863e17b
Extracted from C:\HJJIJB-DECRYPT.txt:
  http://gandcrabmfe6mnef.onion/482c857a8ea94c62
The random uppercase prefix of the ransom note filename and the 16-hex-character path of the .onion URL differ between the two extractions, so both are generated per infection and should not be used as fixed indicators; the .onion host (gandcrabmfe6mnef.onion) is the stable element of this configuration.
Targets
Target: 9b5b364a32c759ada38bdc4cbfaad3ed8dc333f87796e27eef52a96d43c821a2.sample
Size: 471KB
MD5: 335859768d9a489eab3e3cbd157fb98f
SHA1: 18c379b521788fc610623129ec3960de0f15f19d
SHA256: 9b5b364a32c759ada38bdc4cbfaad3ed8dc333f87796e27eef52a96d43c821a2
SHA512: 69576fa9a499ce667b011a9108c4cd9c276992709b89d930bb6bb8afbf28adf696faa391e7a1e928414a573f549dcccf43c91862a7017be914bcb1f10fea206c
Score: 10/10
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
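The two extracted configurations above and the "Modifies extensions of user files" signature can be turned into a small host-triage routine. The following Python is an added example, not part of the Triage report or the sample itself. It takes a file listing and the contents of any ransom notes found, matches the note naming pattern seen in this report (`<UPPERCASE TOKEN>-DECRYPT.txt`), pulls the .onion host and victim identifier out of the note, and groups the encrypted files belonging to each note. The file listings and note texts are constructed for the example; only the note paths and payment URLs come from the report. The rule that the appended file extension equals the note's token is GandCrab v5 behaviour known from outside this page and is marked as an assumption in the code, as is the 5-10 letter bound on the token length.

```python
"""Triage helper for GandCrab ransom notes (added example, not report code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Note filename pattern from this report: HBTFGVFTN-DECRYPT.txt, HJJIJB-DECRYPT.txt.
# Assumption: the random token is 5 to 10 uppercase letters (covers both observed).
NOTE_NAME_RE = re.compile(r"^([A-Z]{5,10})-DECRYPT\.txt$")

# Payment URL shape from the extracted configs: 16-char v2 .onion host and a
# 16-hex-character per-victim path component.
ONION_URL_RE = re.compile(r"https?://([a-z2-7]{16}\.onion)/([0-9a-f]{16})\b")


@dataclass
class NoteFinding:
    note_path: str
    token: str                   # per-infection random string (e.g. HBTFGVFTN)
    onion_host: Optional[str]    # stable indicator shared across infections
    victim_id: Optional[str]     # per-infection path component of the URL
    encrypted_files: List[str] = field(default_factory=list)


def basename(path: str) -> str:
    """Last component of a Windows or POSIX path."""
    return re.split(r"[\\/]", path)[-1]


def parse_note(text: str) -> Tuple[Optional[str], Optional[str]]:
    """Extract (onion_host, victim_id) from ransom note text, or (None, None)."""
    m = ONION_URL_RE.search(text)
    return (m.group(1), m.group(2)) if m else (None, None)


def triage_host(listing: List[str], note_contents: Dict[str, str]) -> List[NoteFinding]:
    """Find ransom notes in a file listing and attribute encrypted files to them."""
    findings: List[NoteFinding] = []
    for path in listing:
        m = NOTE_NAME_RE.match(basename(path))
        if not m:
            continue
        token = m.group(1)
        host, victim = parse_note(note_contents.get(path, ""))
        # Assumption (GandCrab v5 behaviour, not stated in the report): encrypted
        # files carry the note's token as their appended extension.
        encrypted = [p for p in listing if p.endswith("." + token) and p != path]
        findings.append(NoteFinding(path, token, host, victim, encrypted))
    return findings


def summarize(findings_per_host: List[List[NoteFinding]]) -> Dict[str, set]:
    """Separate the stable indicator (host) from per-infection values."""
    hosts, tokens, victims = set(), set(), set()
    for findings in findings_per_host:
        for f in findings:
            tokens.add(f.token)
            if f.onion_host:
                hosts.add(f.onion_host)
            if f.victim_id:
                victims.add(f.victim_id)
    return {"stable_hosts": hosts, "per_infection_tokens": tokens, "victim_ids": victims}


# Constructed data modelled on the two sandbox runs. Note paths and URLs are
# taken from the report; everything else is made up for the example.
NOTE_TEXT = "All your files have been encrypted.\nTo get a decryptor, visit:\n{url}\n"

HOST_A_FILES = [
    r"C:\HBTFGVFTN-DECRYPT.txt",
    r"C:\Users\alice\Documents\budget.xlsx.HBTFGVFTN",
    r"C:\Users\alice\Pictures\holiday.jpg.HBTFGVFTN",
    r"C:\Users\alice\Desktop\todo.txt",
    r"D:\HBTFGVFTN-DECRYPT.txt",          # second drive, per "Enumerates connected drives"
    r"D:\backup\archive.zip.HBTFGVFTN",
]
HOST_A_NOTES = {
    p: NOTE_TEXT.format(url="http://gandcrabmfe6mnef.onion/bea656dae863e17b")
    for p in (r"C:\HBTFGVFTN-DECRYPT.txt", r"D:\HBTFGVFTN-DECRYPT.txt")
}

HOST_B_FILES = [
    r"C:\HJJIJB-DECRYPT.txt",
    r"C:\Users\bob\Documents\thesis.docx.HJJIJB",
    r"C:\Users\bob\Documents\thesis.docx",
]
HOST_B_NOTES = {
    r"C:\HJJIJB-DECRYPT.txt": NOTE_TEXT.format(url="http://gandcrabmfe6mnef.onion/482c857a8ea94c62")
}

if __name__ == "__main__":
    a = triage_host(HOST_A_FILES, HOST_A_NOTES)
    b = triage_host(HOST_B_FILES, HOST_B_NOTES)
    for f in a + b:
        print(f.note_path, f.token, f.onion_host, f.victim_id, len(f.encrypted_files))
    print(summarize([a, b]))
```

Only `stable_hosts` is worth promoting to a blocklist or network detection; the tokens and victim identifiers are useful for scoping a single incident (which files on which drives belong to which note) but will never match on another host.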