General
Target: e954f7f030aaa08ffa2fb7038614e59be392680fdaa0d0ce63ef5195d5d42b16
Size: 191KB
Sample: 220128-wap7dshgg9
MD5: 7b29dfcc04993f4fa6445fc4f56fb7fd
SHA1: fed43f95450b0587759cc8b9218f81807db101e1
SHA256: e954f7f030aaa08ffa2fb7038614e59be392680fdaa0d0ce63ef5195d5d42b16
SHA512: c63c5c0ad5e4ef66a9904234bbec131eae45ab0a41e73ccd8bb80c70c8a0a4b90d1a9ca11ad5a513dc02905f3d2f4b5d84135f116f931ab8d13f11d677d6ae68
Static task: static1
Behavioral task: behavioral1
Sample: e954f7f030aaa08ffa2fb7038614e59be392680fdaa0d0ce63ef5195d5d42b16.exe
Resource: win7-en-20211208
Malware Config
Extracted (C:\KRAB-DECRYPT.txt): http://gandcrabmfe6mnef.onion/93ed7bfc39514247
Extracted (C:\KRAB-DECRYPT.txt): http://gandcrabmfe6mnef.onion/c21354a5b42f886a
Targets
Target: e954f7f030aaa08ffa2fb7038614e59be392680fdaa0d0ce63ef5195d5d42b16
- Executes dropped EXE
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.