General
  Target:  da8c0a6ac025e95d408e72e2656d4cad02d4a3b4027ecef9d97c1a12311f37b4
  Size:    139KB
  Sample:  220128-wlly4sabf9
  MD5:     21bfa1dc51db0926cf4a4cea27da1504
  SHA1:    4e7d6f64b433a21e81cea1dafb56a31fe9f85cad
  SHA256:  da8c0a6ac025e95d408e72e2656d4cad02d4a3b4027ecef9d97c1a12311f37b4
  SHA512:  f133dc5c6390720e6abc18af032d237104616fcb58d9583a13ff38db16cc5ef0037f4761eb80263e4113eea8d0a9c75799e04bf9ef090f8789ac8d68653bd3c6

Tasks
  Static task:      static1
  Behavioral task:  behavioral1
    Sample:    da8c0a6ac025e95d408e72e2656d4cad02d4a3b4027ecef9d97c1a12311f37b4.exe
    Resource:  win7-en-20211208
  Behavioral task:  behavioral2
    Sample:    da8c0a6ac025e95d408e72e2656d4cad02d4a3b4027ecef9d97c1a12311f37b4.exe
    Resource:  win10-en-20211208

Malware Config
  Extracted
    Path:  C:\PCPLSMQK-DECRYPT.txt
    URL:   http://gandcrabmfe6mnef.onion/860e4d3e63d9e41e
  Extracted
    Path:  C:\EPEOYDIRYI-DECRYPT.txt
    URL:   http://gandcrabmfe6mnef.onion/3d98739c5f042f1f

Targets
  Target:  da8c0a6ac025e95d408e72e2656d4cad02d4a3b4027ecef9d97c1a12311f37b4
  Size:    139KB
  MD5:     21bfa1dc51db0926cf4a4cea27da1504
  SHA1:    4e7d6f64b433a21e81cea1dafb56a31fe9f85cad
  SHA256:  da8c0a6ac025e95d408e72e2656d4cad02d4a3b4027ecef9d97c1a12311f37b4
  SHA512:  f133dc5c6390720e6abc18af032d237104616fcb58d9583a13ff38db16cc5ef0037f4761eb80263e4113eea8d0a9c75799e04bf9ef090f8789ac8d68653bd3c6
  Score:   10/10

  Signatures
    Modifies extensions of user files
      Ransomware generally changes the extension on encrypted files.
    Drops startup file
    Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    Sets desktop wallpaper using registry