General
-
Target
b2936d7135282236bbafd816a31892ca254d768ac69fda4d25f1ce69d4948919
-
Size
139KB
-
Sample
220128-xhg2esagfm
-
MD5
73f0eed8c39217c35f56386f52b29980
-
SHA1
1dfcfed25caeb5d3c5b53a3da6450495f56c8ce8
-
SHA256
b2936d7135282236bbafd816a31892ca254d768ac69fda4d25f1ce69d4948919
-
SHA512
09b2a8a66c49f19ef9c22bd48a6fe19e144393e717f823f33b281c5e410c247306f69cff9aaae9bcac81268e3c979c0c3a9270c2fa6ecfaf41c0829b0b7dcefe
Static task
static1
Behavioral task
behavioral1
Sample
b2936d7135282236bbafd816a31892ca254d768ac69fda4d25f1ce69d4948919.exe
Resource
win7-en-20211208
Malware Config
Extracted
C:\GBVFLK-DECRYPT.txt
http://gandcrabmfe6mnef.onion/2487bfeba9ed8777
Extracted
C:\GOGYCKVI-DECRYPT.txt
http://gandcrabmfe6mnef.onion/cbbbd2440cd4e42
Targets
-
-
Target
b2936d7135282236bbafd816a31892ca254d768ac69fda4d25f1ce69d4948919
-
Size
139KB
-
MD5
73f0eed8c39217c35f56386f52b29980
-
SHA1
1dfcfed25caeb5d3c5b53a3da6450495f56c8ce8
-
SHA256
b2936d7135282236bbafd816a31892ca254d768ac69fda4d25f1ce69d4948919
-
SHA512
09b2a8a66c49f19ef9c22bd48a6fe19e144393e717f823f33b281c5e410c247306f69cff9aaae9bcac81268e3c979c0c3a9270c2fa6ecfaf41c0829b0b7dcefe
-
suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-