General

Target: sample1.zip
Size: 80KB
Sample: 211201-lvc3fsbccn
MD5: 2c112897a40cafed56cb84522a5daaf7
SHA1: 4b1ced5dc5f01133a0bfc925b66fe34a3bf9e975
SHA256: d291fc899f31591a3acdd91c7f0f5199384e2b587234157a0c0ec9d05e93cefd
SHA512: 233c075be1f25f8029ff477097812ab9623e9d50531342c33003f2471212178575a38b9c3a3df8aeaf855bd538e7aee5f7923ee238f94adef1683d7401c974b8
Static task: static1

Behavioral task: behavioral1
Sample: 872bf2c276fe3242513c2ed1b254a5ab3c0dea273dde944c05b711697811753f.sample.exe
Resource: win7-en-20211104

Behavioral task: behavioral2
Sample: 872bf2c276fe3242513c2ed1b254a5ab3c0dea273dde944c05b711697811753f.sample.exe
Resource: win11
Malware Config

Extracted from C:\WEPRIDXIGW-DECRYPT.txt
URL: http://gandcrabmfe6mnef.onion/22df37f3c93747ab

Extracted from C:\FLTGR-DECRYPT.txt
URL: http://gandcrabmfe6mnef.onion/fe81d992670adcfa

Extracted from C:\XQDKVZOTGZ-DECRYPT.txt
URL: http://gandcrabmfe6mnef.onion/97f308a3e5f4a4c0
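Added example, not part of the sandbox report and not code from the sample: a small Python extractor that does what the "Extracted" entries above record, pulling the Tor C2 URL and its 16-hex-digit victim path out of ransom note text and recognising the <PREFIX>-DECRYPT.txt note name at the drive root. The three paths and URLs are the ones in the report; the note body wording, the 5-10 letter bound on the prefix, the negative control file and the function names are assumptions made for the example.

```python
import re

# Note filename pattern inferred from the three notes in the report
# (WEPRIDXIGW, FLTGR, XQDKVZOTGZ); the 5-10 letter bound is an assumption.
NOTE_NAME_RE = re.compile(r'^([A-Z]{5,10})-DECRYPT\.txt$')
# C2 URL shape as it appears in the report: fixed onion host, 16 hex digits as path.
C2_URL_RE = re.compile(r'https?://(gandcrabmfe6mnef\.onion)/([0-9a-f]{16})\b')


def note_prefix(path):
    """Return the random prefix of a <PREFIX>-DECRYPT.txt note name, else None."""
    name = path.replace('/', '\\').rsplit('\\', 1)[-1]
    m = NOTE_NAME_RE.match(name)
    return m.group(1) if m else None


def extract_c2(text):
    """Return every recognised C2 URL in the note text as (url, host, victim_id)."""
    return [(m.group(0), m.group(1), m.group(2)) for m in C2_URL_RE.finditer(text)]


def extract_configs(notes):
    """notes: iterable of (path, text). One config dict per C2 URL found in a
    file whose name matches the ransom note pattern; other files are skipped."""
    configs = []
    for path, text in notes:
        prefix = note_prefix(path)
        if prefix is None:
            continue
        for url, host, victim_id in extract_c2(text):
            configs.append({'note': path, 'prefix': prefix, 'url': url,
                            'host': host, 'victim_id': victim_id})
    return configs


def victim_ids(configs):
    """Distinct victim path components, sorted, for pivoting between notes."""
    return sorted({c['victim_id'] for c in configs})


# Constructed stand-in note bodies: only the paths and URL lines come from the
# report; the surrounding sentences are invented for this example.
SAMPLE_NOTES = [
    ('C:\\WEPRIDXIGW-DECRYPT.txt',
     'All your files have been encrypted.\nTo get the decryptor visit:\n'
     'http://gandcrabmfe6mnef.onion/22df37f3c93747ab\n'),
    ('C:\\FLTGR-DECRYPT.txt',
     'All your files have been encrypted.\nTo get the decryptor visit:\n'
     'http://gandcrabmfe6mnef.onion/fe81d992670adcfa\n'),
    ('C:\\XQDKVZOTGZ-DECRYPT.txt',
     'All your files have been encrypted.\nTo get the decryptor visit:\n'
     'http://gandcrabmfe6mnef.onion/97f308a3e5f4a4c0\n'),
    # Negative control (invented): ordinary text file carrying an unrelated onion URL.
    ('C:\\Users\\Public\\readme.txt', 'see http://example.onion/abc\n'),
]

if __name__ == '__main__':
    for cfg in extract_configs(SAMPLE_NOTES):
        print(cfg['note'], cfg['prefix'], cfg['url'])
```

The host is pinned to the one seen in the report on purpose: a looser onion-domain regex would also match unrelated URLs dropped into the same directory, which is what the negative control checks.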
Targets

Target: 872bf2c276fe3242513c2ed1b254a5ab3c0dea273dde944c05b711697811753f.sample
Size: 168KB
MD5: 700a4f7ed40dd9ac29891c2ec3d4bef7
SHA1: 1546e3bbe9eb3e6b185097226bb758d98a207429
SHA256: 872bf2c276fe3242513c2ed1b254a5ab3c0dea273dde944c05b711697811753f
SHA512: 1b615297f445eb4c3909e46191834450191b6e9716a83c380a02db6566dd96431f6e2271c01508d3f271af0b4fbfff31b485e1fc6bf952a4b2177aa41fb65c0a

Suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Drops startup file

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Sets desktop wallpaper using registry
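Added example, not part of the sandbox report and not the sandbox's own signature engine: Python detection logic for the four behavioural signatures listed above, plus a ransom-note drop check taken from the Malware Config section, run over a constructed sandbox-style event stream. The event schema, the user file names, the startup file name, the wallpaper path and the rename-count threshold are assumptions made for the example; the drive-root, Startup folder, Control Panel\Desktop\Wallpaper and <PREFIX>-DECRYPT.txt conditions are what the signature text describes.

```python
import re
from collections import Counter

# Signature conditions, modelled on the report's signature descriptions.
STARTUP_DIR_RE = re.compile(r'\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\', re.I)
DRIVE_ROOT_RE = re.compile(r'^([A-Z]):\\$', re.I)          # a bare drive root such as D:\
RANSOM_NOTE_RE = re.compile(r'^[A-Z]{5,10}-DECRYPT\.txt$')  # prefix length is an assumption
WALLPAPER_KEY_RE = re.compile(r'\\Control Panel\\Desktop$', re.I)
USER_PATH_RE = re.compile(r'^[A-Z]:\\Users\\', re.I)
MIN_RENAMED_USER_FILES = 3  # assumed threshold for "modifies extensions of user files"


def _basename(path):
    return path.rsplit('\\', 1)[-1]


def _ext(path):
    name = _basename(path)
    return name.rsplit('.', 1)[-1].lower() if '.' in name else ''


def _extension_changes(events):
    """Renames under a user profile where the extension differs afterwards."""
    return [ev for ev in events if ev['op'] == 'rename'
            and USER_PATH_RE.match(ev['src']) and _ext(ev['src']) != _ext(ev['dst'])]


def new_extensions(events):
    """Counter of the extensions that user files end up with: the top entry is
    the appended ransomware extension, which pairs with the note name."""
    return Counter(_ext(ev['dst']) for ev in _extension_changes(events))


def evaluate_signatures(events):
    """Return the set of signature names triggered by the event stream."""
    hits = set()
    for ev in events:
        op = ev['op']
        if op == 'create':
            if STARTUP_DIR_RE.search(ev['path']):
                hits.add('Drops startup file')
            if RANSOM_NOTE_RE.match(_basename(ev['path'])):
                hits.add('Drops ransom note')
        elif op == 'query_dir':
            m = DRIVE_ROOT_RE.match(ev['path'])
            if m and m.group(1).upper() != 'C':
                hits.add('Enumerates connected drives')
        elif op == 'reg_set':
            if WALLPAPER_KEY_RE.search(ev['key']) and ev['value'].lower() == 'wallpaper':
                hits.add('Sets desktop wallpaper using registry')
    if len(_extension_changes(events)) >= MIN_RENAMED_USER_FILES:
        hits.add('Modifies extensions of user files')
    return hits


# Constructed event stream (invented for the example, not the report's log).
SAMPLE_EVENTS = [
    {'op': 'query_dir', 'path': 'C:\\'},
    {'op': 'query_dir', 'path': 'D:\\'},
    {'op': 'query_dir', 'path': 'E:\\'},
    {'op': 'rename', 'src': 'C:\\Users\\Admin\\Documents\\report.docx',
     'dst': 'C:\\Users\\Admin\\Documents\\report.docx.wepridxigw'},
    {'op': 'rename', 'src': 'C:\\Users\\Admin\\Pictures\\holiday.jpg',
     'dst': 'C:\\Users\\Admin\\Pictures\\holiday.jpg.wepridxigw'},
    {'op': 'rename', 'src': 'C:\\Users\\Admin\\Desktop\\notes.txt',
     'dst': 'C:\\Users\\Admin\\Desktop\\notes.txt.wepridxigw'},
    # Benign rename: extension unchanged, must not count towards the threshold.
    {'op': 'rename', 'src': 'C:\\Users\\Admin\\Desktop\\old.txt',
     'dst': 'C:\\Users\\Admin\\Desktop\\older.txt'},
    {'op': 'create', 'path': 'C:\\WEPRIDXIGW-DECRYPT.txt'},
    {'op': 'create', 'path': 'C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\'
                             'Start Menu\\Programs\\Startup\\dropped.txt'},
    {'op': 'reg_set', 'key': 'HKCU\\Control Panel\\Desktop', 'value': 'Wallpaper',
     'data': 'C:\\Users\\Admin\\AppData\\Local\\Temp\\wallpaper.bmp'},
]

if __name__ == '__main__':
    print(sorted(evaluate_signatures(SAMPLE_EVENTS)))
    print(new_extensions(SAMPLE_EVENTS).most_common(1))
```

The extension count is kept separate from the boolean signature so an analyst can read off the appended extension directly; on this constructed stream it is the lower-cased form of the note prefix, which is how the two artefacts are tied together in triage. The rename threshold is the part most worth tuning: a single extension change is normal user activity, a burst across a profile is not.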