General
- Target: e42fbcc86cd6efa1594057d920aedc6deaeb02aa03df675a9c11434a436c464f
- Size: 139KB
- Sample: 220128-wdngzahfcp
- MD5: a9dbdfa4af98af0b90a995a1ee451b64
- SHA1: 4af5cafaf29bfb7fc80958c20010d7f930d2c259
- SHA256: e42fbcc86cd6efa1594057d920aedc6deaeb02aa03df675a9c11434a436c464f
- SHA512: fbd409d7b4cbd8d573f895e32a9913e2898b0342dadc29d73509a92feeb9079f08f95ecf68e845be2c2dc329c8b9c021787ebbfac88fd12d8649c15903210e8d
- Static task: static1
- Behavioral task: behavioral1
- Sample: e42fbcc86cd6efa1594057d920aedc6deaeb02aa03df675a9c11434a436c464f.exe
- Resource: win7-en-20211208
Malware Config
- Extracted: C:\WWHWRREFK-DECRYPT.txt
  http://gandcrabmfe6mnef.onion/d5a06000e7ec11a5
- Extracted: C:\HGVJKZBAD-DECRYPT.txt
  http://gandcrabmfe6mnef.onion/b386c3bb4719bcbb
Targets
- suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry