General
Target: 1164e122800fda5ad79d422710877fd9767d44a15e69f3c28e9563ff3e752157.sample
Size: 121KB
Sample: 210726-hca1byw682
MD5: da301085de77edb94e279c81bcbeb65e
SHA1: d35f76c16b7665bf7e3f412250ebc4f38670697f
SHA256: 1164e122800fda5ad79d422710877fd9767d44a15e69f3c28e9563ff3e752157
SHA512: 00526408f5d2557080d00ae31d3448bb54c367ab3f23aaf830cfbeca9261a30292e0f95899ebe529e3a2712e5b2333765daa73a3f51817b185cdace6b0a1af3e
Static task: static1
Behavioral task: behavioral1
Sample: 1164e122800fda5ad79d422710877fd9767d44a15e69f3c28e9563ff3e752157.sample.exe
Resource: win7v20210410
Malware Config
Extracted from C:\KRAB-DECRYPT.txt: http://gandcrabmfe6mnef.onion/7cdb61ddedc3b851
Extracted from C:\KRAB-DECRYPT.txt: http://gandcrabmfe6mnef.onion/d5cbddfa99bd0cb4
Targets
Target: 1164e122800fda5ad79d422710877fd9767d44a15e69f3c28e9563ff3e752157.sample (121KB; MD5, SHA1, SHA256 and SHA512 identical to the General section above)
- suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.