General
-
Target
e81dadfcfc8a9b12b992f216b3ed3c04bd404e77e5b690d601a27c71a7a2967d
-
Size
160KB
-
Sample
220128-wbcyfshefm
-
MD5
69996b52ec0785a47c09fc8c8127c63c
-
SHA1
4e3757f8193c5f7174bda0728cc8249f74405e57
-
SHA256
e81dadfcfc8a9b12b992f216b3ed3c04bd404e77e5b690d601a27c71a7a2967d
-
SHA512
f6b59e8fade9876e52a061256faf8e9bdd3cf15167101ade18b5b0351c3aff2a677b98f1fed85af3e6633483b154912cdc01345064a0f0cc697a0b93fdac6413
Malware Config
Targets
-
-
Target
e81dadfcfc8a9b12b992f216b3ed3c04bd404e77e5b690d601a27c71a7a2967d
-
Size
160KB
-
MD5
69996b52ec0785a47c09fc8c8127c63c
-
SHA1
4e3757f8193c5f7174bda0728cc8249f74405e57
-
SHA256
e81dadfcfc8a9b12b992f216b3ed3c04bd404e77e5b690d601a27c71a7a2967d
-
SHA512
f6b59e8fade9876e52a061256faf8e9bdd3cf15167101ade18b5b0351c3aff2a677b98f1fed85af3e6633483b154912cdc01345064a0f0cc697a0b93fdac6413
Score10/10-
suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-