General

Target: 72311ef28d4b489360c8db938dc45650f95733a8ed316f53a759b3928e8e73e9
Size: 139KB
Sample: 220128-y25r9sdad2
MD5: 4fcd0d13ea669a83a749ae5bfb098ca2
SHA1: 2da8e7cc5460aef7e6b97ccf13cd134bf1903d96
SHA256: 72311ef28d4b489360c8db938dc45650f95733a8ed316f53a759b3928e8e73e9
SHA512: 5ea08ee19b0d8a1fc79f5462e7725f2a9fde79354f89929f6dbb4c7fafeaa2151f96d7cf7e4520ef0d3c09ef941fed334a272c2ae8ab028f11c29d5006975b87
Static task: static1

Behavioral task: behavioral1
  Sample: 72311ef28d4b489360c8db938dc45650f95733a8ed316f53a759b3928e8e73e9.exe
  Resource: win7-en-20211208

Behavioral task: behavioral2
  Sample: 72311ef28d4b489360c8db938dc45650f95733a8ed316f53a759b3928e8e73e9.exe
  Resource: win10-en-20211208
Malware Config

Extracted: C:\XIFSPFP-DECRYPT.txt
  http://gandcrabmfe6mnef.onion/2521b77266cb0171

Extracted: C:\FPVNZIGVC-DECRYPT.txt
  http://gandcrabmfe6mnef.onion/88a4be4594e7b69c

Both extractions share the .onion hostname, while the ransom-note filename and the path component of the URL differ between them. For detection and hunting, match on the hostname and on the <TOKEN>-DECRYPT.txt note-name pattern rather than on either exact filename or URL, which will not repeat across infections.
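The following is an added example, not part of this report or of any sandbox tooling, showing how to turn the two extracted configs into reusable indicators: it pulls the .onion hostname and per-victim path out of note text, derives the per-run token from the note filename, and looks for files carrying that token as an appended extension. The note bodies and the directory listing are constructed (only the paths and URLs come from this report), and the link between the note-name token and the appended file extension is an assumption of the example, not something this page states.

```python
import re
from pathlib import PureWindowsPath

# A 16-character .onion hostname followed by a 16-hex-digit path, as seen in
# both extracted URLs on this report. The length bounds are assumptions.
ONION_URL = re.compile(r"https?://([a-z2-7]{16})\.onion/([0-9a-f]{16})\b")

# Note-name pattern derived from the two extracted paths: <TOKEN>-DECRYPT.txt
NOTE_NAME = re.compile(r"^([A-Z]{5,12})-DECRYPT\.txt$")


def extract_onion_urls(text):
    """Return (hostname, victim_id) for every matching .onion URL in text."""
    return [(m.group(1), m.group(2)) for m in ONION_URL.finditer(text)]


def note_token(note_path):
    """Token from a ransom-note filename, or None if the name does not match."""
    m = NOTE_NAME.match(PureWindowsPath(note_path).name)
    return m.group(1) if m else None


def find_encrypted_files(listing, token):
    """Files whose name ends in '.<token>'.

    Assumes (not stated on this page) that the appended extension equals the
    token in the note name; treat hits as candidates to confirm by inspection.
    """
    suffix = "." + token.lower()
    return [p for p in listing if p.lower().endswith(suffix)]


def summarize(notes):
    """notes: {note_path: note_text}. Returns the hostnames shared across all
    notes plus the per-note token and victim ids."""
    per_note = {}
    hosts = set()
    for path, text in notes.items():
        urls = extract_onion_urls(text)
        hosts.update(h for h, _ in urls)
        per_note[path] = {
            "token": note_token(path),
            "victim_ids": [v for _, v in urls],
        }
    return {"hosts": sorted(hosts), "notes": per_note}


# Constructed sample: the paths and URLs are the ones on this report; the
# surrounding note text is made up and far shorter than a real note.
SAMPLE_NOTES = {
    r"C:\XIFSPFP-DECRYPT.txt":
        "Your files are encrypted.\nVisit http://gandcrabmfe6mnef.onion/2521b77266cb0171\n",
    r"C:\FPVNZIGVC-DECRYPT.txt":
        "Your files are encrypted.\nVisit http://gandcrabmfe6mnef.onion/88a4be4594e7b69c\n",
}

# Constructed directory listing, not taken from the sandbox run.
SAMPLE_LISTING = [
    r"C:\Users\Public\Documents\budget.xlsx.XIFSPFP",
    r"C:\Users\Public\Pictures\photo.jpg.XIFSPFP",
    r"C:\Users\Public\Documents\readme.txt",
]

if __name__ == "__main__":
    summary = summarize(SAMPLE_NOTES)
    print(summary)
    token = summary["notes"][r"C:\XIFSPFP-DECRYPT.txt"]["token"]
    print(find_encrypted_files(SAMPLE_LISTING, token))
```

The hostname is the stable indicator to alert on; the victim id in the URL path and the note token are per-infection values that only help once you are triaging one specific host.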
Targets

Target: 72311ef28d4b489360c8db938dc45650f95733a8ed316f53a759b3928e8e73e9
Size: 139KB
MD5: 4fcd0d13ea669a83a749ae5bfb098ca2
SHA1: 2da8e7cc5460aef7e6b97ccf13cd134bf1903d96
SHA256: 72311ef28d4b489360c8db938dc45650f95733a8ed316f53a759b3928e8e73e9
SHA512: 5ea08ee19b0d8a1fc79f5462e7725f2a9fde79354f89929f6dbb4c7fafeaa2151f96d7cf7e4520ef0d3c09ef941fed334a272c2ae8ab028f11c29d5006975b87
Score: 10/10

Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.

Drops startup file

Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.

Sets desktop wallpaper using registry