General
Target: 2019-05-22-Rig-EK-payload-Gandcrab-ransomware.exe
Size: 656KB
Sample: 211020-ly8njaghc2
MD5: 538d23ef01426d1157fa1137471a5cf7
SHA1: ab553df2bb4f7f8d98cc39ac773aaaa1c7ca110f
SHA256: af8e74d00babaae01b6f3b137cff7b6a6951456c66ffa95122695dad6c7b41a9
SHA512: 9df42f3c39a8982bc77c82010509c3e98cc56c2d71c6f5f20274c0fbde17c58607d9579877983e2239d30fd60be14402b2b9e3d9295168a3cc8d31ac8f4a1111
Static task: static1
Behavioral task: behavioral1
Sample: 2019-05-22-Rig-EK-payload-Gandcrab-ransomware.exe
Resource: win10-en-20210920
Malware Config
Extracted
C:\KSPREIW-MANUAL.txt
gandcrab
http://gandcrabmfe6mnef.onion/9dd5ac38f623035
Targets
Target: 2019-05-22-Rig-EK-payload-Gandcrab-ransomware.exe
Score: 10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Drops startup file

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Sets desktop wallpaper using registry