General
Target: fe20054bc1bfe3feee965833b8af2f35acdd2d9a9f28a0ecf307494ac6e1b664
Size: 139KB
Sample: 220128-vt9jpshdc6
MD5: 96258da069bd066a234cdf33289fbd87
SHA1: eda2b95034a45bfb38bf03b3756c9d130c3bce88
SHA256: fe20054bc1bfe3feee965833b8af2f35acdd2d9a9f28a0ecf307494ac6e1b664
SHA512: bcd57134f8ee66a320dbf02b92910a10363a0678ed9f87b565dc526eaf9ec4a6985e0a21bf6d4019a7523c67131baa4fe0d80d85db99a99f27857a465ecdf712
Static task: static1
Behavioral task: behavioral1
Sample: fe20054bc1bfe3feee965833b8af2f35acdd2d9a9f28a0ecf307494ac6e1b664.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: fe20054bc1bfe3feee965833b8af2f35acdd2d9a9f28a0ecf307494ac6e1b664.exe
Resource: win10-en-20211208
Malware Config
Two ransom notes were extracted, both written to the root of C:. The note names carry different randomized prefixes and the payment URLs point at the same gandcrabmfe6mnef.onion host with different per-victim path components, so the note name and the URL path are per-infection values and should not be used as static indicators on their own; the .onion host is the stable indicator.
Extracted from C:\CMUAEQMUJV-DECRYPT.txt
http://gandcrabmfe6mnef.onion/13cdb334f2e19689
Extracted from C:\UWDGHM-DECRYPT.txt
http://gandcrabmfe6mnef.onion/ec83e82637b85dbd
Targets
Target: fe20054bc1bfe3feee965833b8af2f35acdd2d9a9f28a0ecf307494ac6e1b664 (139KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10

Signatures
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files. The two extracted note names (CMUAEQMUJV-DECRYPT.txt and UWDGHM-DECRYPT.txt) are consistent with GandCrab's habit of naming its note after the random extension it appends, so the appended extension differs per infection.
- Drops startup file: a file written to a Startup folder is executed at the next logon, a common persistence mechanism.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive, which is what a ransomware payload does before encrypting secondary and removable volumes.
- Sets desktop wallpaper using registry: the wallpaper is changed by writing the user's desktop settings in the registry, which ransomware commonly uses to display its ransom message.
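As an added triage example (not part of this report and not code from any sandbox or from the malware author): the behaviours above give a responder three things to look for on a suspect host, a note named <EXT>-DECRYPT.txt, files carrying that appended extension, and a .onion payment URL with a per-victim path inside the note. The script below walks a directory tree, finds notes that follow that naming pattern, extracts the .onion URL and its per-victim path component, and counts files whose extension matches the note prefix. The directory tree and the note body are constructed here for offline use; only the URL is the one this report extracted. It assumes, as a GandCrab v4+ family characteristic and not something this page states, that the note prefix equals the extension appended to encrypted files, and it compares extensions case-insensitively because the appended extension's case is not shown on the page.

```python
import os
import re
import tempfile

# Assumption about the family: the note is named <EXT>-DECRYPT.txt and EXT is the
# string appended to every encrypted file. The page shows only the note paths.
NOTE_RE = re.compile(r"^([A-Za-z]{4,12})-DECRYPT\.txt$")
# v2 (16-char) or v3 (56-char) .onion hostname with an optional single path segment.
ONION_RE = re.compile(
    r"https?://[a-z2-7]{16}(?:[a-z2-7]{40})?\.onion(?:/[A-Za-z0-9._-]+)?"
)


def parse_note(text):
    """Return every .onion URL in a note body, splitting off the per-victim path.

    The two notes on the page share a host but differ in the path, so the path is
    reported separately as 'victim_id' and the host is the stable indicator.
    """
    hits = []
    for url in ONION_RE.findall(text):
        _, _, victim_id = url.partition(".onion/")
        hits.append({"url": url, "victim_id": victim_id or None})
    return hits


def find_notes(root):
    """Locate ransom notes under root and parse each one."""
    notes = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            m = NOTE_RE.match(fn)
            if not m:
                continue
            path = os.path.join(dirpath, fn)
            with open(path, encoding="utf-8", errors="replace") as fh:
                body = fh.read()
            notes.append({"note": path, "ext": m.group(1), "iocs": parse_note(body)})
    return notes


def count_encrypted(root, ext):
    """Count files whose final extension equals ext, ignoring case."""
    target = "." + ext.lower()
    total = 0
    for _, _, filenames in os.walk(root):
        total += sum(1 for fn in filenames if fn.lower().endswith(target))
    return total


def triage(root):
    """Combine note discovery with an encrypted-file count per note prefix.

    A note whose prefix matches zero files is worth a second look: either the
    family does not follow the naming assumption or encryption never ran.
    """
    results = find_notes(root)
    for note in results:
        note["encrypted_files"] = count_encrypted(root, note["ext"])
    return results


def build_demo_tree():
    """Constructed sample tree (synthetic data, not taken from the sandbox run)."""
    root = tempfile.mkdtemp(prefix="gc_triage_")
    docs = os.path.join(root, "Users", "victim", "Documents")
    os.makedirs(docs)
    # Three "encrypted" files, one with a lower-case copy of the extension.
    for name in ("budget.xlsx.CMUAEQMUJV", "notes.docx.CMUAEQMUJV", "photo.jpg.cmuaeqmujv"):
        with open(os.path.join(docs, name), "wb") as fh:
            fh.write(b"\x00" * 16)  # placeholder ciphertext
    with open(os.path.join(docs, "untouched.txt"), "w") as fh:
        fh.write("not encrypted\n")
    # Note body is constructed; the URL is the one extracted in this report.
    with open(os.path.join(root, "CMUAEQMUJV-DECRYPT.txt"), "w") as fh:
        fh.write("(constructed note body)\n")
        fh.write("http://gandcrabmfe6mnef.onion/13cdb334f2e19689\n")
    return root


if __name__ == "__main__":
    for entry in triage(build_demo_tree()):
        print(entry)
```

On a real host, point `triage()` at the mounted image or the user profile root rather than at the constructed tree, and feed the `url` host into blocklists while keeping `victim_id` as case-specific evidence only.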