General

  • Target

    933210a9d19b25e0711ae88eece1ba06bb035a01ab2880cc707ff55bdd3b8dd0

  • Size

    130KB

  • Sample

    220128-ybkpeabgbm

  • MD5

    0b33e34e26c6e53c346517edd3dd9841

  • SHA1

    cc96c9bf2226aacc5064fed104bc173dc09ddd6b

  • SHA256

    933210a9d19b25e0711ae88eece1ba06bb035a01ab2880cc707ff55bdd3b8dd0

  • SHA512

    d58df66c4192d1f734b28a28296d08037fb74fb01bbf6bb3761079850370ffe8288602882142636604ec9cc7d0b89ac9e4fc46fb280cb4fe8c9f23e1c219c4e2

Malware Config

Extracted

Path

C:\JLNIACJJK-DECRYPT.txt

Ransom Note
---= GANDCRAB V5.0.4 =--- ***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED*********************** *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS***** Attention! All your files, documents, photos, databases and other important files are encrypted and have the extension: .JLNIACJJK The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. The server with your key is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- | 0. Download Tor browser - https://www.torproject.org/ | 1. Install Tor browser | 2. Open Tor Browser | 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/d28bd0f830f133 | 4. Follow the instructions on this page ---------------------------------------------------------------------------------------- On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free. ATTENTION! IN ORDER TO PREVENT DATA DAMAGE: * DO NOT MODIFY ENCRYPTED FILES * DO NOT CHANGE DATA BELOW ---BEGIN GANDCRAB KEY--- lAQAAFUMrhjAKLHEZ6FoLzRVq+NthkNIRR+SWJSYqFx9mTD/Uj/bKA+SeozsaXoT41co4fLEjPPMTaC9pVFTDg2l76VzYL/hAjjQvRh3NXRuZ2ZnJHtgn662wohkPzbYd9XFOeEPNx56i+7RPdG/hkyDdmgvPQ7zQNYb2qleD4H483k2gcsc/q3WafTgaRNc08yoePN5ZKJP1AuXXLzrHXpwU3+H20+xl3gA65Z/bfnJ1BIwGlK1EFWND9ityG6uLn0wQvlqDwKAzax7adX46BwRHybyX5uJc0MRWbircRd9mUvYATZjlVut56KYZ4f3BXTh57NVAy2Qs3GMpgubQ+0n9x7/PReQbu00wiNNZUDIrCWUU68z+bz+Get4BiRUK0d7gF5r8A5u/14aMZaoIePh3Mkz++TOK9+gzV+4X1CDZ0rCzVIwlSADUtIDlnLVxRR2vVJ8RCkeEnD8fC2YFpijs3waFlF+rt+FF+zDj9Mw4zHDXBc8IhTt6cBUQSOua2kWlJrHHJj4Nv9IkubMGYPzQqy1cgZeebp8KVPtJVfaatt8Of64pt4ic8sSvIJfkwFlE/6enNC/gZKCY4n3tnT3qa7Qqt3cClDXtQZgdseZv9L4W+4ZAsr4N1K9Z29F3/jgD405p4L4sTtNhaJ2djINkQJasF3QnXZnOOUpqb+78FQkHjrddjK1MyOnkDJmv9GW5bzKKGTdR7Rdaakt48UsMopx5gQBg70SKN/Dp74tfJODIRkoTNPdKBpibf0X3nfU6di/DPpvgrumc+3Se3RFe3U7U3saSE+yixYr+GpwxInnc8UffF6zgWd1WtOhJMqSNg8yenQpo807rgxyCMRZTWAwmwrf5le9CFQ/O2u3tmybkzxbdoPe3lTgB4KD7qQ3Ea0dwuU6oDnpaB9GUV7GQson6NKp8bJSvXeuEYpdX0RxpRMhz2F/PmpcKtV0kyfp30yhV0Dvm0MH4CKi3Q8y2zsyzVkANZa4WdDqyhJLOv0PnadOlmjdTG0s6yzRlIy+JB4LJeEaLRVm91M8VIyGoolAJKHDACzQ+6Cq6UHCOSsiEE6+i2dBgk2iWravB48U+t6dPFrrw3ORqe8NaeqXM4C0wKTnj3y3StITAAW80eSoXQe7rW4MTjEjXXZW+m/WHgQNT92kbfYPv9WMpdO6VAlEGJEurhUyUBfYOKFVJvpPQsb74RSeWdtv2URDd2A0FgpApG1uy9MqEUSZBavJW2Gs58Aw1Y8pa8xF4oUeE6zK7Va5wWM6yDz3si//qFISjZdDbHAtz9MiPZex/9JUTT2Iivq2rHBmd4PvT5YFQF7v3NmlpespLOY5i0lPgcuejEDVHzrazE/u0MEz3atjZhUus5E4MFd2wdN33dypPY+Y6r2mcJ8sHhAWDoLPmkgmQVrZWAy9lNAVeni1vhTXz8uYTIVRQoXQNgUcqBVKXLuVblPSXhxGXY1BsSVDs9vXmOz+fcDkz1/nm+5dx8Prp1FwJeFiNHcQzU7ReeXpdI7nVj8ed/qxBvfZ017LJVe3dmQ7Pc60KgDrClkcSFWVFqsoMt+76Uu8tAHTPqe2DZx9eWl7cMG7mBV/LnclIBsBQUuE7x2dV31Fz8/2zMq4+3ggXTJk3qDB2EjAJv3h5FgdQQF7W29AcStoSWBivmqvbuanZxAo71acUvi6qME+83eYppb3qsO1SdUeKU3Kzry55IoDOOgGnC3i576HuTGflDhu3EBCu0HWrp/GZaMJjR4avn2zIoGojt+mMZAIuAMDzm+GZSgcz7bxSQpfGwXD3il4kGUIK3ZdXFhkgD6bSmE0s8wfLxht9m4Oc2ZyFHK4s7lJSuWMpluilSUvcvwcFKt4kLpcaB0hWnQjeu51KxrEzEe5wII1T59fmRRUSfHySIhvlE8YGa1RvH5Oxr9dpdrcCzVzD5e8wbH6kq5hM/tJy0MlHbKxW7xC5CoDxFIz/OnjoB6XSOFmhUu+HZlKxdAeXPsGWtQb8eHDDrwGRjN4NSiqfd2eYDZTZptK94sFQWYCb6ZQJWri+RJ9/cEX3t/ITVisF5pxc974rV6wgecozrEwBW7NVLbORKPV/xNE0TlwSwzbE8YzesoTqTACETrsDmFPGGrx5b+89g0kFQNxeogrzf+lr+e0tb/qtz9W3bJo7MJ7ECN7f2YST9SmdPHe69ZztgZd/oHlbpgGxlldkcXIpo9Rjrj5ix9YDDIdnC2Zz5M4j8hSJeYWtq1PsexwO88= ---END GANDCRAB KEY--- ---BEGIN PC DATA--- wfKD6iudumBkmpL8IRr4U4exEVaoOXLtwDwmOrT1y1YWvOiWMx5GYaRdvZZSTo1RsHYd7nRWsrfZTHWHhh5qBJzzs9MC7736UkGSDDniUJJG8/LFF//kmGmoAZAGLo2j5/wd2UrxMJK+iqKhTkS3ArgAxrZOOOiXrbnhbWMkLHQnbYuWlMClYZxYU6SDxpopRo5r292AV1KIZBZV4APBuUHcKSIr2MWMI0O1MKIP2IpKLE2TS5wNmoQoAHZdP6U/VvqF1shzlzbajc1AHXg7l8xnT91gCFUxMg7ADMEr7316SnTFUg/DkeItL9jgqcun8rqg579it7FykR7B6OKn/2Y2R+snGthYb1qVBn/t+RGCEdQb0icY4q+4QqaJY75yHYzM2XmixpQfTWoqaFO+JIAJoJFqwNooDRPOnLA+CO5aALyfjWE+g6hrLA3uxA9Kwg7+ZinpHxEU3qHLPOar1wMZN3QARhaKOTmD1j7gLX9ZmUXfmSzyQUpnlbI4lomwvnJMVc3pJTerfEocccBmP2hNgn9IQ3XCzaYTErDtaEjxBdZMM5H4HskOLb+SRYUP ---END PC DATA---
URLs

http://gandcrabmfe6mnef.onion/d28bd0f830f133

Targets

    • Target

      933210a9d19b25e0711ae88eece1ba06bb035a01ab2880cc707ff55bdd3b8dd0

    • Size

      130KB

    • MD5

      0b33e34e26c6e53c346517edd3dd9841

    • SHA1

      cc96c9bf2226aacc5064fed104bc173dc09ddd6b

    • SHA256

      933210a9d19b25e0711ae88eece1ba06bb035a01ab2880cc707ff55bdd3b8dd0

    • SHA512

      d58df66c4192d1f734b28a28296d08037fb74fb01bbf6bb3761079850370ffe8288602882142636604ec9cc7d0b89ac9e4fc46fb280cb4fe8c9f23e1c219c4e2

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Tasks