General
-
Target
92aadeb4fb086bc672e28de288ab684990d4efbd43cdd94380037e4990a14b3f
-
Size
139KB
-
Sample
220128-ybyk9sbgcn
-
MD5
04f2a82387c8e503f655921da892cf9c
-
SHA1
34c4ddb4d5d3bb0fce0651d9c44c21d2dbc01ac3
-
SHA256
92aadeb4fb086bc672e28de288ab684990d4efbd43cdd94380037e4990a14b3f
-
SHA512
ec5feba51522a701a66541aa1c3d0ffe172ac9d02ccf8eacbdc63692a52a9b8aa92093e2d22c525e72e4ce3762256275bd9dd38234f594d8231c5691d95630c2
Static task
static1
Behavioral task
behavioral1
Sample
92aadeb4fb086bc672e28de288ab684990d4efbd43cdd94380037e4990a14b3f.exe
Resource
win7-en-20211208
Malware Config
Extracted
C:\AUSVIQV-DECRYPT.txt
http://gandcrabmfe6mnef.onion/540dc5b58efcd0f2
Extracted
C:\YQBTRHWU-DECRYPT.txt
http://gandcrabmfe6mnef.onion/4eb7b1a126ea668
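The two "Extracted" entries above are the sandbox's config extraction: it found the dropped ransom notes and pulled the per-victim .onion URL out of each. The following added example (not part of the report or of any sandbox's code) does the same step in miniature over a constructed set of dropped files: it matches the GandCrab v4/v5 note naming pattern `<UPPERCASE TOKEN>-DECRYPT.txt`, extracts the hidden-service URL with its victim path, and skips files that only look like notes. The note bodies are invented for the example; only the file names and URLs come from the report. For GandCrab v5 the token in the note name is normally also the extension appended to encrypted files, which is why it is kept as a separate field.

```python
"""Extract GandCrab-style ransom-note IOCs from a set of dropped files.

Added example, not part of the sandbox report. Mirrors the report's
'Extracted' step: find files named <TOKEN>-DECRYPT.txt and pull the
.onion URL (with its per-victim path) out of each one.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# GandCrab v4/v5 notes are named <uppercase token>-DECRYPT.txt; the two notes in
# the report use 7- and 8-character tokens, so allow a small range around that.
NOTE_NAME_RE = re.compile(r"^(?P<token>[A-Z]{5,10})-DECRYPT\.txt$")

# Tor v2 hidden-service host (16 base32 chars: a-z, 2-7) plus an optional path.
# In the report the path is the victim-specific identifier (e.g. /540dc5b58efcd0f2).
ONION_URL_RE = re.compile(
    r"https?://(?P<host>[a-z2-7]{16}\.onion)(?P<path>/[A-Za-z0-9_\-]*)?"
)


@dataclass(frozen=True)
class RansomNoteIOC:
    path: str          # where the note was dropped
    note_token: str    # AUSVIQV in AUSVIQV-DECRYPT.txt (v5: also the appended extension)
    onion_host: str    # C2 hidden service, suitable for a blocklist
    victim_url: str    # full URL including the per-victim path


def extract_from_note(path: str, body: str) -> Optional[RansomNoteIOC]:
    """Return the IOCs from one dropped file, or None if it is not a usable note."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    m = NOTE_NAME_RE.match(name)
    if not m:
        return None                      # name does not follow the note pattern
    u = ONION_URL_RE.search(body)
    if not u:
        return None                      # right name but no C2 URL: nothing to extract
    return RansomNoteIOC(
        path=path,
        note_token=m.group("token"),
        onion_host=u.group("host"),
        victim_url=u.group(0),
    )


def extract_all(files: Dict[str, str]) -> List[RansomNoteIOC]:
    """Scan a {path: contents} mapping (e.g. every file the sandbox saw written)."""
    iocs = []
    for p, body in sorted(files.items()):
        ioc = extract_from_note(p, body)
        if ioc is not None:
            iocs.append(ioc)
    return iocs


# Constructed sample of files written during a run. Names and URLs match the
# report; the note wording is invented and is not GandCrab's actual note text.
SAMPLE_FILES = {
    r"C:\AUSVIQV-DECRYPT.txt": (
        "Your files are encrypted. Open this page in Tor Browser:\n"
        "http://gandcrabmfe6mnef.onion/540dc5b58efcd0f2\n"
    ),
    r"C:\YQBTRHWU-DECRYPT.txt": (
        "Your files are encrypted. Open this page in Tor Browser:\n"
        "http://gandcrabmfe6mnef.onion/4eb7b1a126ea668\n"
    ),
    r"C:\Users\Public\readme.txt": "nothing to see here",
    r"C:\NOTAREAL-DECRYPT.txt": "looks like a note but carries no URL",
}

if __name__ == "__main__":
    for ioc in extract_all(SAMPLE_FILES):
        print(f"{ioc.path}: token={ioc.note_token} c2={ioc.onion_host} url={ioc.victim_url}")
```

On the two report notes this yields one C2 host (gandcrabmfe6mnef.onion) and two distinct victim URLs, which is the shape a practitioner wants: the host goes to a blocklist, the victim path identifies which run produced the note. The `NOTAREAL-DECRYPT.txt` entry shows the failure mode worth handling: a file that matches the name pattern but contains no URL is reported as nothing rather than as a note with empty fields.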
Targets
-
Target
92aadeb4fb086bc672e28de288ab684990d4efbd43cdd94380037e4990a14b3f
-
Size
139KB
-
MD5
04f2a82387c8e503f655921da892cf9c
-
SHA1
34c4ddb4d5d3bb0fce0651d9c44c21d2dbc01ac3
-
SHA256
92aadeb4fb086bc672e28de288ab684990d4efbd43cdd94380037e4990a14b3f
-
SHA512
ec5feba51522a701a66541aa1c3d0ffe172ac9d02ccf8eacbdc63692a52a9b8aa92093e2d22c525e72e4ce3762256275bd9dd38234f594d8231c5691d95630c2
-
suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry (the report does not list the value written; on Windows the wallpaper path is the Wallpaper value under HKCU\Control Panel\Desktop, so that is the key to check on an affected host)
-