General

Target: 3e4d1839a2882f831e04ea51082df3e4422c2b1d12daa5a8a8de7b48b5419c47
Size: 139KB
Sample: 220128-1bhadsedd9
MD5: 20bdad92eb281bdee8436d835c401b4b
SHA1: beed14a76dedc09818a89ecf8ad9465ca566700b
SHA256: 3e4d1839a2882f831e04ea51082df3e4422c2b1d12daa5a8a8de7b48b5419c47
SHA512: ecbb61ea439eb23cbd5406dcbbe7439de8b7b8c8218c758e518ee60a9782cdbbbe78d724685d919f4ae75880a451cb25a3bb2a9700f7f23b6b40bfad6613bcd0
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: 3e4d1839a2882f831e04ea51082df3e4422c2b1d12daa5a8a8de7b48b5419c47.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: 3e4d1839a2882f831e04ea51082df3e4422c2b1d12daa5a8a8de7b48b5419c47.exe
  Resource: win10-en-20211208
Malware Config

Extracted:
  Ransom note: C:\JUHRPJIDWQ-DECRYPT.txt
  URL: http://gandcrabmfe6mnef.onion/57063f9050324b19
Extracted:
  Ransom note: C:\JBLUDPH-DECRYPT.txt
  URL: http://gandcrabmfe6mnef.onion/78c4765bcd40ed63
Targets

Target: 3e4d1839a2882f831e04ea51082df3e4422c2b1d12daa5a8a8de7b48b5419c47 (size and hashes as listed under General)
Score: 10/10

Signatures:
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Drops startup file
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry