General
Target: eecbd23ceccd6e5e6b135419fd435a2b10cc12cc0b386a5a4ff2f5dfe28fd5f3
Size: 128KB
Sample: 220128-v56xyshddj
MD5: 7827adb7d47dd3d8af3fc9e545a53fca
SHA1: 5bec47ca61e2dcb6bebe239512d0a9bce21abd09
SHA256: eecbd23ceccd6e5e6b135419fd435a2b10cc12cc0b386a5a4ff2f5dfe28fd5f3
SHA512: e037af54c2fd983cbe8a12655b72d3fdef71c881b41ffd91848efa4ba2ee7801f3e8a817769bbc8d2d7b32a457e6bba6097fcfaa1bf67b86fb852b5e7a9a2c22
Static task: static1
Behavioral task: behavioral1
Sample: eecbd23ceccd6e5e6b135419fd435a2b10cc12cc0b386a5a4ff2f5dfe28fd5f3.exe
Resource: win7-en-20211208
Malware Config
Extracted from C:\KRAB-DECRYPT.txt: http://gandcrabmfe6mnef.onion/41b7fc2bdb4153d7
Extracted from C:\KRAB-DECRYPT.txt: http://gandcrabmfe6mnef.onion/48a2c19ec0956c03
Targets
Target: eecbd23ceccd6e5e6b135419fd435a2b10cc12cc0b386a5a4ff2f5dfe28fd5f3 (128KB; same MD5/SHA1/SHA256/SHA512 as listed under General)
suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
Drops startup file
Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
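As an added example (not part of this report and not any sandbox's own detection code), the following Python applies the two behavioural heuristics listed above, mass extension changes on files under user profiles and reads of non-C: drive roots, over a constructed list of file events, and pulls the .onion URL out of a ransom note the way the extracted config above was obtained. The event tuples, the `.KRAB` suffix, the `Admin` profile paths and the note text are assumptions for illustration; only the URL is the one reported above.

```python
import re
from collections import Counter

# Constructed sandbox-style file events: (operation, source_path, destination_path).
# Illustrative only, not events from the report; the ".KRAB" suffix is assumed.
SAMPLE_EVENTS = [
    ("read", "C:\\", None),
    ("read", "D:\\", None),
    ("read", "E:\\", None),
    ("read", "C:\\Users\\Admin\\Documents\\report.docx", None),
    ("rename", "C:\\Users\\Admin\\Documents\\report.docx",
               "C:\\Users\\Admin\\Documents\\report.docx.KRAB"),
    ("rename", "C:\\Users\\Admin\\Documents\\budget.xlsx",
               "C:\\Users\\Admin\\Documents\\budget.xlsx.KRAB"),
    ("rename", "C:\\Users\\Admin\\Pictures\\holiday.jpg",
               "C:\\Users\\Admin\\Pictures\\holiday.jpg.KRAB"),
    ("rename", "C:\\Users\\Admin\\Desktop\\notes.txt",
               "C:\\Users\\Admin\\Desktop\\notes.txt.KRAB"),
    ("rename", "C:\\Users\\Admin\\Music\\track.mp3",
               "C:\\Users\\Admin\\Music\\track.mp3.KRAB"),
    # A single rename with a different suffix: stays below the threshold.
    ("rename", "C:\\Users\\Admin\\AppData\\Local\\Temp\\cache.dat",
               "C:\\Users\\Admin\\AppData\\Local\\Temp\\cache.dat.bak"),
    # Outside any user profile: not counted as a user file.
    ("rename", "C:\\Windows\\Temp\\setup.log", "C:\\Windows\\Temp\\setup.log.KRAB"),
    ("write", "C:\\KRAB-DECRYPT.txt", None),
]

# Constructed ransom-note text; only the URL comes from the report's extracted config.
SAMPLE_NOTE = (
    "---= GANDCRAB =---\r\n"
    "All your files have been encrypted.\r\n"
    "Go to: http://gandcrabmfe6mnef.onion/41b7fc2bdb4153d7\r\n"
)

USER_DIR_RE = re.compile(r"^[A-Z]:\\Users\\", re.I)
DRIVE_ROOT_RE = re.compile(r"^([A-Z]):\\$", re.I)
# v2 (16 chars) and v3 (56 chars) onion hostnames, optional path.
ONION_URL_RE = re.compile(r"https?://[a-z2-7]{16,56}\.onion(?:/[A-Za-z0-9_\-./]*)?", re.I)


def detect_extension_changes(events, threshold=5):
    """Return {appended_suffix: count} for suffixes appended to at least
    `threshold` files under a user profile. Only appended suffixes
    (dst == src + ".xyz") are counted, which separates ransomware
    renames from ordinary moves or rewrites."""
    counts = Counter()
    for op, src, dst in events:
        if op != "rename" or not dst or not USER_DIR_RE.match(src):
            continue
        if dst.startswith(src) and len(dst) > len(src):
            suffix = dst[len(src):]
            if suffix.startswith("."):
                counts[suffix] += 1
    return {s: n for s, n in counts.items() if n >= threshold}


def detect_drive_enumeration(events):
    """Return drive letters other than C whose root path was read."""
    drives = set()
    for op, src, _ in events:
        m = DRIVE_ROOT_RE.match(src)
        if op == "read" and m and m.group(1).upper() != "C":
            drives.add(m.group(1).upper())
    return sorted(drives)


def extract_onion_urls(text):
    """Return the distinct .onion URLs found in a ransom note."""
    return sorted(set(ONION_URL_RE.findall(text)))


def triage(events, note_text):
    """Combine the three checks into one findings dict."""
    return {
        "extension_changes": detect_extension_changes(events),
        "enumerated_drives": detect_drive_enumeration(events),
        "c2_urls": extract_onion_urls(note_text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS, SAMPLE_NOTE).items():
        print(f"{key}: {value}")
```

The threshold is the knob worth tuning: a single appended suffix is normal for editors and backup tools, while the same suffix appearing on files across Documents, Pictures and Desktop within one process is what the "modifies extensions of user files" signature is really keyed on. Drive enumeration is reported as a plain list because reading `D:\` on its own is benign; it only becomes interesting in combination with the rename burst.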