General
-
Target
ffe577ed01255bf462c0257a2333e6a0c1cf3472c92171885fdad45ae958e56d
-
Size
139KB
-
Sample
220128-vs6fnahacm
-
MD5
e66baf5880f9749f87acc02e35a0bf33
-
SHA1
d12198f570ca3c1febe9974d4ce7934e71458144
-
SHA256
ffe577ed01255bf462c0257a2333e6a0c1cf3472c92171885fdad45ae958e56d
-
SHA512
e4b857fb1f786e990eaef6f7c728ef54dc34a676bb8dec09255d8502e2601e0184913e7de463c7881eb6fb29632639dcc3c12984cb5a472a6f36bc0288e199a7
Static task
static1
Behavioral task
behavioral1
Sample
ffe577ed01255bf462c0257a2333e6a0c1cf3472c92171885fdad45ae958e56d.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
ffe577ed01255bf462c0257a2333e6a0c1cf3472c92171885fdad45ae958e56d.exe
Resource
win10-en-20211208
Malware Config
Extracted
C:\XSRSPX-DECRYPT.txt
http://gandcrabmfe6mnef.onion/adaf9d71dc371955
Extracted
C:\HJQNL-DECRYPT.txt
http://gandcrabmfe6mnef.onion/bf4132b42e7da76c
Targets
-
-
Target
ffe577ed01255bf462c0257a2333e6a0c1cf3472c92171885fdad45ae958e56d
-
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-
Drops startup file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-