General
Target: 94e829c84786c6a10a7552d591a08b577921d6d6b8942a48cac2a3cbdfef8107
Size: 139KB
Sample: 220128-yafztsbffr
MD5: 647ce0159d62ba5e42a1a1ee52c83ee6
SHA1: 4e278e03ec67129d49e9c07c73749c0952dc62fd
SHA256: 94e829c84786c6a10a7552d591a08b577921d6d6b8942a48cac2a3cbdfef8107
SHA512: 8061d68c2cefbf66ced0d1df7b518a8a64f8f3b6e8db7243754760f3291017e85f723d998749b5c851819703f2f33b9e2631495728ff53245f8899f1ee9832a8
Static task: static1

Behavioral task: behavioral1
  Sample: 94e829c84786c6a10a7552d591a08b577921d6d6b8942a48cac2a3cbdfef8107.exe
  Resource: win7-en-20211208

Behavioral task: behavioral2
  Sample: 94e829c84786c6a10a7552d591a08b577921d6d6b8942a48cac2a3cbdfef8107.exe
  Resource: win10-en-20211208
Malware Config
Extracted from C:\KXDNJU-DECRYPT.txt: http://gandcrabmfe6mnef.onion/4f53c3b9c7dda63b
Extracted from C:\ZVOUIEG-DECRYPT.txt: http://gandcrabmfe6mnef.onion/d5104ffaaece9ed0
Targets
Target: 94e829c84786c6a10a7552d591a08b577921d6d6b8942a48cac2a3cbdfef8107
Score: 10/10

Signatures:
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry