General
Target: 04012bef09ae476e8505bf140a0d49a97c38e54f082ebcd0b9eabba6e4ef8deb
Size: 324KB
Sample: 220128-2lfpzsfgc3
MD5: 2ee84dfc015d82a3145ba51d1b3b3a73
SHA1: d5302a7e33ac3de291ab7ac6185af3fa0a0c6e7a
SHA256: 04012bef09ae476e8505bf140a0d49a97c38e54f082ebcd0b9eabba6e4ef8deb
SHA512: 65d47b21e886e66aaf0c8389d07891fe4beea6a3c9cb5c0be8458675470d99dbf785c8ace4e7055e75565a3306d7ab50a99285f741f5f8ccb7dd0d6dee4fda24
Static task: static1
Behavioral task: behavioral1
  Sample: 04012bef09ae476e8505bf140a0d49a97c38e54f082ebcd0b9eabba6e4ef8deb.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: 04012bef09ae476e8505bf140a0d49a97c38e54f082ebcd0b9eabba6e4ef8deb.exe
  Resource: win10-en-20211208
Malware Config
Extracted
  Ransom note: C:\JTSLZMWE-DECRYPT.txt
  URL: http://gandcrabmfe6mnef.onion/e6a9300dbb224b39
Extracted
  Ransom note: C:\IRBUAUQ-DECRYPT.txt
  URL: http://gandcrabmfe6mnef.onion/fcad6a9917f6de99
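As an added example (not output of the sandbox and not the report's own tooling), the Python below does the two checks a responder wants from a report like this: confirm that the file on hand is the reported sample by recomputing all four digests rather than the MD5 alone, and pull indicators out of the dropped *-DECRYPT.txt notes, separating the stable .onion host from the per-run random prefix and victim ID. The note bodies are constructed here, since the report gives only their paths and URLs; the regex bounds (a 16- or 56-character .onion host, a 16-hex-digit victim ID) are assumptions fitted to the two URLs shown above.

```python
"""Triage helpers for a ransomware sandbox report (added example).

verify_sample(): compare recomputed digests against the report's four hashes.
parse_note() / summarize_notes(): extract IOCs from dropped *-DECRYPT.txt notes.
"""
import hashlib
import re
from pathlib import PureWindowsPath

# Digests copied verbatim from the report for sample 220128-2lfpzsfgc3.
REPORT_HASHES = {
    "md5": "2ee84dfc015d82a3145ba51d1b3b3a73",
    "sha1": "d5302a7e33ac3de291ab7ac6185af3fa0a0c6e7a",
    "sha256": "04012bef09ae476e8505bf140a0d49a97c38e54f082ebcd0b9eabba6e4ef8deb",
    "sha512": ("65d47b21e886e66aaf0c8389d07891fe4beea6a3c9cb5c0be8458675470d99db"
               "f785c8ace4e7055e75565a3306d7ab50a99285f741f5f8ccb7dd0d6dee4fda24"),
}


def digest_bytes(data, algorithms=tuple(REPORT_HASHES)):
    """Return {algorithm: hexdigest} for an in-memory sample."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def digest_file(path, algorithms=tuple(REPORT_HASHES), chunk_size=1 << 20):
    """Stream a file once and return {algorithm: hexdigest} for every algorithm."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(actual, expected=REPORT_HASHES):
    """Return {algorithm: matches?}. Every entry must be True before the
    report's behavioural findings can be attributed to the file you hold."""
    return {name: actual.get(name, "").lower() == expected[name].lower()
            for name in expected}


# Note file name as seen in the report: C:\<RANDOM>-DECRYPT.txt
NOTE_NAME_RE = re.compile(r"^(?P<prefix>[A-Z]+)-DECRYPT\.txt$", re.IGNORECASE)
# Assumed shape, fitted to the two extracted URLs: v2 (16 char) or v3 (56 char)
# .onion host followed by a 16-hex-digit per-victim ID.
ONION_URL_RE = re.compile(
    r"https?://(?P<host>[a-z2-7]{16}(?:[a-z2-7]{40})?\.onion)/(?P<victim_id>[0-9a-f]{16})\b",
    re.IGNORECASE,
)


def parse_note(note_path, note_text):
    """Extract IOCs from one dropped ransom note.

    Returns None when the file name does not follow the *-DECRYPT.txt pattern.
    The report does not show the note body, so only the URL is parsed from it.
    """
    m = NOTE_NAME_RE.match(PureWindowsPath(note_path).name)
    if not m:
        return None
    url = ONION_URL_RE.search(note_text)
    return {
        "prefix": m.group("prefix").upper(),
        "onion_host": url.group("host").lower() if url else None,
        "victim_id": url.group("victim_id").lower() if url else None,
    }


def summarize_notes(notes):
    """Split indicators from several runs into the stable host (block and
    hunt on it) and per-run values (random prefix, victim ID) that will not
    recur on the next infection."""
    parsed = [p for p in (parse_note(path, text) for path, text in notes) if p]
    return {
        "stable_hosts": sorted({p["onion_host"] for p in parsed if p["onion_host"]}),
        "victim_ids": sorted({p["victim_id"] for p in parsed if p["victim_id"]}),
        "note_prefixes": sorted({p["prefix"] for p in parsed}),
    }


# Constructed note bodies: only the paths and URLs come from the report.
SAMPLE_NOTES = [
    (r"C:\JTSLZMWE-DECRYPT.txt",
     "Your files have been encrypted.\n"
     "To obtain the key visit: http://gandcrabmfe6mnef.onion/e6a9300dbb224b39\n"),
    (r"C:\IRBUAUQ-DECRYPT.txt",
     "Your files have been encrypted.\n"
     "To obtain the key visit: http://gandcrabmfe6mnef.onion/fcad6a9917f6de99\n"),
]

if __name__ == "__main__":
    print(summarize_notes(SAMPLE_NOTES))
    print(verify_sample(digest_bytes(b"placeholder, not the real sample")))
```

Run against the real sample with `verify_sample(digest_file("04012bef...exe"))`; a False on any single algorithm means the file is not the one the sandbox ran, whatever the MD5 says. The summary shows the same .onion host across both runs while the note prefix and victim ID change per run, which is why only the host belongs on a blocklist.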
Targets
Target: 04012bef09ae476e8505bf140a0d49a97c38e54f082ebcd0b9eabba6e4ef8deb
Size: 324KB
MD5: 2ee84dfc015d82a3145ba51d1b3b3a73
SHA1: d5302a7e33ac3de291ab7ac6185af3fa0a0c6e7a
SHA256: 04012bef09ae476e8505bf140a0d49a97c38e54f082ebcd0b9eabba6e4ef8deb
SHA512: 65d47b21e886e66aaf0c8389d07891fe4beea6a3c9cb5c0be8458675470d99dbf785c8ace4e7055e75565a3306d7ab50a99285f741f5f8ccb7dd0d6dee4fda24
Score: 10/10
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Drops startup file: writes a file into a Startup location so the payload runs again at the next logon.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry: changes the wallpaper through a registry write, typically to display the ransom demand.