General
Target: d2f237743c9bf65873afa65a45f02c01fd91315e6d7406fec02dc50c3255ab9b
Size: 139KB
Sample: 220128-wrmslaaafm
MD5: 24a1ac0b0cd98114910888fe63f7e502
SHA1: 9fd4c130a7e023f5ac50272a0d45e8a3acb78152
SHA256: d2f237743c9bf65873afa65a45f02c01fd91315e6d7406fec02dc50c3255ab9b
SHA512: d20781c7f9e8e4fcb797e17e0a366ed355b49fdfda892bb28e33688dd8b0de73ca03572dbe877d33d1ce1b51d57702f5caf0b7a159f230ea986e25891eb60ff9
Static task: static1
Behavioral task: behavioral1
Sample: d2f237743c9bf65873afa65a45f02c01fd91315e6d7406fec02dc50c3255ab9b.exe
Resource: win7-en-20211208
Malware Config
Extracted: C:\BXJDC-DECRYPT.txt
  http://gandcrabmfe6mnef.onion/b67371a9158d17f2
Extracted: C:\XPAGBVH-DECRYPT.txt
  http://gandcrabmfe6mnef.onion/6c3c323821334fbd
Targets
Target: d2f237743c9bf65873afa65a45f02c01fd91315e6d7406fec02dc50c3255ab9b (size and hashes as listed under General)
- suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry