General
- Target: 97d8351aac1137187f38deeb4b3f7743c414600681126410501ace48aabfe532
- Size: 461KB
- Sample: 220128-x794habfbm
- MD5: f2a2bcd748c011c0ea1d7d64af5e4452
- SHA1: 2fb20c99bd4457693b830014fed745336df14caa
- SHA256: 97d8351aac1137187f38deeb4b3f7743c414600681126410501ace48aabfe532
- SHA512: 067bfc4c943fecf6f3bb173d818cc223d881db6ae95830549591bfe17480074cd042a6f07eadab96e19d7c2fc99a3f3c4ec8083d11d6a4a9947a93e4a052e8bc
Static task
static1
Behavioral task
behavioral1
Sample
97d8351aac1137187f38deeb4b3f7743c414600681126410501ace48aabfe532.exe
Resource
win7-en-20211208
Malware Config
Extracted
C:\NUGNVZK-DECRYPT.txt
http://gandcrabmfe6mnef.onion/b925716d4228c915
Extracted
C:\GRQMJSYBRS-DECRYPT.txt
http://gandcrabmfe6mnef.onion/7f28106d4a65a36b
Targets
- Target: 97d8351aac1137187f38deeb4b3f7743c414600681126410501ace48aabfe532
- Size: 461KB
- MD5: f2a2bcd748c011c0ea1d7d64af5e4452
- SHA1: 2fb20c99bd4457693b830014fed745336df14caa
- SHA256: 97d8351aac1137187f38deeb4b3f7743c414600681126410501ace48aabfe532
- SHA512: 067bfc4c943fecf6f3bb173d818cc223d881db6ae95830549591bfe17480074cd042a6f07eadab96e19d7c2fc99a3f3c4ec8083d11d6a4a9947a93e4a052e8bc
- suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry