General
- Target: c7f2cb7fb3ce23e7144c1ff6bffa3dc013d706be2d78ed7da3c07064c71aa08c
- Size: 139KB
- Sample: 220128-w14gpsachm
- MD5: 1de7f6df1f5cd88c36d79c2f0ce0e6b2
- SHA1: b4c100becdb6ed88a26365fd233f9be622d69dd6
- SHA256: c7f2cb7fb3ce23e7144c1ff6bffa3dc013d706be2d78ed7da3c07064c71aa08c
- SHA512: e51626b1986953a370cf59c7c1b16b414e8444b3aad4e6032bf5cbd1fcfb4a5de09a97986acf87d688a463fe8aacd2c4c8130d9fc352e3f431a24810d5d6652a
Static task
- static1
Behavioral task
- behavioral1
- Sample: c7f2cb7fb3ce23e7144c1ff6bffa3dc013d706be2d78ed7da3c07064c71aa08c.exe
- Resource: win7-en-20211208
Malware Config
- Extracted: C:\LJBPWDTO-DECRYPT.txt (http://gandcrabmfe6mnef.onion/e39f09ceb45e7093)
- Extracted: C:\JPWICKPZJ-DECRYPT.txt (http://gandcrabmfe6mnef.onion/e9859bb4317581)
Targets
- Target: c7f2cb7fb3ce23e7144c1ff6bffa3dc013d706be2d78ed7da3c07064c71aa08c
- suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Drops startup file
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry