General
Target: 7da877e695e8793bc185b134468fe8f391bbc13d34b382c6f1bbd24dcd8c34fe
Size: 139KB
Sample: 220128-ysvwpsccel
MD5: ad32c2d46b2b74d93f86c130b7d5f6dd
SHA1: c64683c430b9cae05702b45cfac93f8e8f44980f
SHA256: 7da877e695e8793bc185b134468fe8f391bbc13d34b382c6f1bbd24dcd8c34fe
SHA512: 8411a8ba71941ccb3eeda61d7191905e8a661edd768d50146817bba3e3982827c3e72b6519d00f887fa3db9365de763cd330f92df62875b11b78a0527f4c2ea7
Static task: static1
Behavioral task: behavioral1
Sample: 7da877e695e8793bc185b134468fe8f391bbc13d34b382c6f1bbd24dcd8c34fe.exe
Resource: win7-en-20211208
Malware Config
Extracted
C:\SJRKE-DECRYPT.txt
http://gandcrabmfe6mnef.onion/72f07c34aaa392f
Extracted
C:\RJUFMG-DECRYPT.txt
http://gandcrabmfe6mnef.onion/15a1e1cffaee883b
Targets
Target: 7da877e695e8793bc185b134468fe8f391bbc13d34b382c6f1bbd24dcd8c34fe
Size: 139KB
MD5: ad32c2d46b2b74d93f86c130b7d5f6dd
SHA1: c64683c430b9cae05702b45cfac93f8e8f44980f
SHA256: 7da877e695e8793bc185b134468fe8f391bbc13d34b382c6f1bbd24dcd8c34fe
SHA512: 8411a8ba71941ccb3eeda61d7191905e8a661edd768d50146817bba3e3982827c3e72b6519d00f887fa3db9365de763cd330f92df62875b11b78a0527f4c2ea7
suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Drops startup file
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Sets desktop wallpaper using registry