General
-
Target
c5aef7cf92dfe4d5be086d9dd75f960e54024499ca86d768460ddcdefe59b751
-
Size
139KB
-
Sample
220128-w31tlaadcr
-
MD5
8e0ecc245f56f77e720c54f765cfa396
-
SHA1
30fbeb1a83800dd32bb17e1b302f475572cfd734
-
SHA256
c5aef7cf92dfe4d5be086d9dd75f960e54024499ca86d768460ddcdefe59b751
-
SHA512
4b1c731a7bfe5252459fbe1c428375555de6f93aeb3fe3be4291f38bd1f0a71da9995e0a8896551ebdca40039290afb6254027c138e0154da6e4dde92b089514
Static task
static1
Behavioral task
behavioral1
Sample
c5aef7cf92dfe4d5be086d9dd75f960e54024499ca86d768460ddcdefe59b751.exe
Resource
win7-en-20211208
Malware Config
Extracted
C:\LAIAXR-DECRYPT.txt
http://gandcrabmfe6mnef.onion/4caf04a6b51f9641
Extracted
C:\WFBAWA-DECRYPT.txt
http://gandcrabmfe6mnef.onion/2c209707288388ca
Targets
-
-
Target
c5aef7cf92dfe4d5be086d9dd75f960e54024499ca86d768460ddcdefe59b751
-
Size
139KB
-
MD5
8e0ecc245f56f77e720c54f765cfa396
-
SHA1
30fbeb1a83800dd32bb17e1b302f475572cfd734
-
SHA256
c5aef7cf92dfe4d5be086d9dd75f960e54024499ca86d768460ddcdefe59b751
-
SHA512
4b1c731a7bfe5252459fbe1c428375555de6f93aeb3fe3be4291f38bd1f0a71da9995e0a8896551ebdca40039290afb6254027c138e0154da6e4dde92b089514
-
suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-