General
Target: 8ee40eb0e93a94fbac47c990a0944b4d40e408bfe77a447fcc18c50dcb430347
Size: 139KB
Sample: 220128-yezmqscca3
MD5: 8f78176a1aa30d302cd2997a32cfdc79
SHA1: e6c7598accd21430a73f3575fe0519dbeca5af90
SHA256: 8ee40eb0e93a94fbac47c990a0944b4d40e408bfe77a447fcc18c50dcb430347
SHA512: 7a2a0733c626e771ed90d7a1b181658effce25bf1555dd1791778ba0a848fde9d769ef47378247cf5b0c3e16ef714eceae6a2d37760011d2c25c1dbe66bc1ffd
Static task: static1
Behavioral task: behavioral1
Sample: 8ee40eb0e93a94fbac47c990a0944b4d40e408bfe77a447fcc18c50dcb430347.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 8ee40eb0e93a94fbac47c990a0944b4d40e408bfe77a447fcc18c50dcb430347.exe
Resource: win10-en-20211208
Malware Config
Extracted
Ransom note: C:\TJTUGZO-DECRYPT.txt
URL: http://gandcrabmfe6mnef.onion/528ad651d992df42
Extracted
Ransom note: C:\KRGCF-DECRYPT.txt
URL: http://gandcrabmfe6mnef.onion/d2a7fe38e2552b21
Two configs were extracted, one per behavioral run. The .onion host is the same in both (gandcrabmfe6mnef.onion, the GandCrab payment portal), while the ransom note filename and the trailing path segment of the URL differ between runs, so treat the host as the indicator and the note name and path as run-specific values rather than fixed IOCs.
Targets
Target: 8ee40eb0e93a94fbac47c990a0944b4d40e408bfe77a447fcc18c50dcb430347
Size: 139KB
MD5: 8f78176a1aa30d302cd2997a32cfdc79
SHA1: e6c7598accd21430a73f3575fe0519dbeca5af90
SHA256: 8ee40eb0e93a94fbac47c990a0944b4d40e408bfe77a447fcc18c50dcb430347
SHA512: 7a2a0733c626e771ed90d7a1b181658effce25bf1555dd1791778ba0a848fde9d769ef47378247cf5b0c3e16ef714eceae6a2d37760011d2c25c1dbe66bc1ffd
Score: 10/10
Modifies extensions of user files
Ransomware generally changes the extension of the files it encrypts, so a burst of renames across user directories is a strong behavioral signal.
Drops startup file
Writes a file into a startup location so that the payload runs again at the next logon.
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive, which is consistent with encrypting every reachable volume rather than only the system drive.
Sets desktop wallpaper using registry
Changes the desktop wallpaper through the registry, a common way for ransomware to display its ransom message.
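A small triage script tying the report's indicators together, added here as an example and not part of the sandbox report or any tool it uses. It verifies a file against the three hashes listed above, walks a directory tree for ransom notes named like the two extracted ones (the `<UPPERCASE>-DECRYPT.txt` pattern is an assumption generalized from those two names), and pulls .onion URLs out of them, reducing them to the host because the path segment differs per run. The fixture in `demo()` is constructed; the only value it reuses from the report is the second extracted URL.

```python
import hashlib
import os
import re
import tempfile

# Hashes copied from the report header above.
REPORT_HASHES = {
    "md5": "8f78176a1aa30d302cd2997a32cfdc79",
    "sha1": "e6c7598accd21430a73f3575fe0519dbeca5af90",
    "sha256": "8ee40eb0e93a94fbac47c990a0944b4d40e408bfe77a447fcc18c50dcb430347",
}

# Assumption: ransom notes follow the two observed names, <UPPERCASE LETTERS>-DECRYPT.txt.
NOTE_NAME_RE = re.compile(r"^[A-Z]+-DECRYPT\.txt$")
# Tor hidden-service URL (v2: 16 base32 chars, v3: 56) with the optional hex path seen in the report.
ONION_URL_RE = re.compile(r"https?://[a-z2-7]{16,56}\.onion(?:/[0-9a-f]+)?")


def hash_file(path):
    """Compute MD5, SHA1 and SHA256 of a file in a single pass over its bytes."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_report(path):
    """True only if all three hashes match the report; any mismatch means a different file."""
    return hash_file(path) == REPORT_HASHES


def find_ransom_notes(root):
    """Walk root and return {note_path: [onion URLs]} for files named like the extracted notes."""
    hits = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            if not NOTE_NAME_RE.match(name):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="replace") as fh:
                    text = fh.read(64 * 1024)  # notes are small; cap the read regardless
            except OSError:
                continue
            hits[path] = ONION_URL_RE.findall(text)
    return hits


def onion_hosts(notes):
    """Reduce note URLs to the set of .onion hosts, the stable part of the indicator."""
    hosts = set()
    for urls in notes.values():
        for url in urls:
            hosts.add(url.split("//", 1)[1].split("/", 1)[0])
    return hosts


def demo():
    """Constructed fixture: one note shaped like the extracted config, one decoy, one unrelated file."""
    with tempfile.TemporaryDirectory() as root:
        note = os.path.join(root, "KRGCF-DECRYPT.txt")
        with open(note, "w") as fh:
            # Constructed note body; only the URL line mirrors the second extracted config.
            fh.write("Your files are encrypted.\nhttp://gandcrabmfe6mnef.onion/d2a7fe38e2552b21\n")
        with open(os.path.join(root, "readme-decrypt.txt"), "w") as fh:
            fh.write("http://gandcrabmfe6mnef.onion/0000\n")  # lowercase name: not a match
        with open(os.path.join(root, "empty.bin"), "wb"):
            pass  # zero-byte file standing in for "some file that is not the sample"
        notes = find_ransom_notes(root)
        return {
            "note_count": len(notes),
            "urls": sorted(u for urls in notes.values() for u in urls),
            "hosts": sorted(onion_hosts(notes)),
            "empty_is_sample": matches_report(os.path.join(root, "empty.bin")),
            "empty_sha256": hash_file(os.path.join(root, "empty.bin"))["sha256"],
        }


if __name__ == "__main__":
    print(demo())
```

Run it against a suspect host's user profile root instead of the temp directory to list every note and the hosts they point at; feed the sample path to `matches_report()` before detonating anything so you know it is the same binary this report describes.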