General
-
Target
eb630954eca8187618ea8c81a6bc260ef45af95ae0e52306e7e9a14ce51885f1
-
Size
139KB
-
Sample
220128-v9bbvahebk
-
MD5
a1769e3e38249ea6f218f628cb551010
-
SHA1
550ac18adf059aa7b0816cc1e35931537504c779
-
SHA256
eb630954eca8187618ea8c81a6bc260ef45af95ae0e52306e7e9a14ce51885f1
-
SHA512
37579023941fb5ac613539018312967b0a0230adaf3930510adda4501b12c123d93eacd462cdf32906b639966d90fe22d02878c47b550ec3dc94b5876e52dbd0
Static task
static1
Behavioral task
behavioral1
Sample
eb630954eca8187618ea8c81a6bc260ef45af95ae0e52306e7e9a14ce51885f1.exe
Resource
win7-en-20211208
Malware Config
Extracted
C:\GUPWMFI-DECRYPT.txt
http://gandcrabmfe6mnef.onion/2b1b4595bf2a2391
Extracted
C:\OBJOOVKJD-DECRYPT.txt
http://gandcrabmfe6mnef.onion/82b6445f3394d0f9
Targets
-
-
Target
eb630954eca8187618ea8c81a6bc260ef45af95ae0e52306e7e9a14ce51885f1
-
Size
139KB
-
MD5
a1769e3e38249ea6f218f628cb551010
-
SHA1
550ac18adf059aa7b0816cc1e35931537504c779
-
SHA256
eb630954eca8187618ea8c81a6bc260ef45af95ae0e52306e7e9a14ce51885f1
-
SHA512
37579023941fb5ac613539018312967b0a0230adaf3930510adda4501b12c123d93eacd462cdf32906b639966d90fe22d02878c47b550ec3dc94b5876e52dbd0
-
suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-