General
-
Target
e3c1d82108339e1e923bf13986593391b732f4b0dbfadb3612eed6a40123229f
-
Size
139KB
-
Sample
220128-wd4h7ahfek
-
MD5
5f0cadac003b971e92b2626dc8234524
-
SHA1
89db7729b749f8d57aa93aa55aade992725f51c3
-
SHA256
e3c1d82108339e1e923bf13986593391b732f4b0dbfadb3612eed6a40123229f
-
SHA512
eebaf8d6b6e1c0b14d1d7e741a28f555de23553367b127454803212fc2373fc14f4c83b2392c4ddf899293abecb3c2abb5906254223c132a08e56f18a0a855aa
Static task
static1
Behavioral task
behavioral1
Sample
e3c1d82108339e1e923bf13986593391b732f4b0dbfadb3612eed6a40123229f.exe
Resource
win7-en-20211208
Malware Config
Extracted
C:\VEGXBQ-DECRYPT.txt
http://gandcrabmfe6mnef.onion/209d311687e62be3
Extracted
C:\HETHDZYR-DECRYPT.txt
http://gandcrabmfe6mnef.onion/1365fff1a9d7ccea
Targets
-
-
Target
e3c1d82108339e1e923bf13986593391b732f4b0dbfadb3612eed6a40123229f
-
Size
139KB
-
MD5
5f0cadac003b971e92b2626dc8234524
-
SHA1
89db7729b749f8d57aa93aa55aade992725f51c3
-
SHA256
e3c1d82108339e1e923bf13986593391b732f4b0dbfadb3612eed6a40123229f
-
SHA512
eebaf8d6b6e1c0b14d1d7e741a28f555de23553367b127454803212fc2373fc14f4c83b2392c4ddf899293abecb3c2abb5906254223c132a08e56f18a0a855aa
-
suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-