General

Target: a9254c4357e684756f5556ab0ba0182e5fb41401080f83af927abd432d8bccf1
Size: 179KB
Sample: 220128-xrf6gsbeb6
MD5: c0a972bfbb576c4cd296bae03890b2a1
SHA1: aba31c189fee54f510f8d39bed11f26a4eae6f37
SHA256: a9254c4357e684756f5556ab0ba0182e5fb41401080f83af927abd432d8bccf1
SHA512: dbab5e7c95fed285d85d63d0fa8e2c46f1a8c9df7825d8576b99a1906b54ebd07bf0256424e8f4b82edc8ac581db9a6285b121b77d9ea33d741229c60ed6e8d0
Behavioral tasks

- behavioral1: sample a9254c4357e684756f5556ab0ba0182e5fb41401080f83af927abd432d8bccf1.exe, resource win7-en-20211208
- behavioral2: sample a9254c4357e684756f5556ab0ba0182e5fb41401080f83af927abd432d8bccf1.exe, resource win10-en-20211208
Malware Config

- Extracted from C:\CYYQHJGDE-DECRYPT.txt: http://gandcrabmfe6mnef.onion/a902b13247230f4
- Extracted from C:\CKTASCW-DECRYPT.txt: http://gandcrabmfe6mnef.onion/7ecc09027ec95afb
Targets

Target: a9254c4357e684756f5556ab0ba0182e5fb41401080f83af927abd432d8bccf1 (size and MD5/SHA1/SHA256/SHA512 as listed in the General section above)

- Detect Neshta Payload
- GandCrab Payload
- Modifies system executable filetype association
- Neshta: malware from the Neshta family injects itself into other files in order to spread and cause damage.
- Executes dropped EXE
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry