General
- Target: 45d7d7b1bcad2b5d70f67b8ef7e006df8d03eb0d5e8af12a7aed5a68f1c34a07
- Size: 179KB
- Sample: 220128-z58trsdggk
- MD5: 8ec87fd3ea777fa8d5160dc957e6683e
- SHA1: 32e0c587eebce8913fe0f73f6e760929b3093c21
- SHA256: 45d7d7b1bcad2b5d70f67b8ef7e006df8d03eb0d5e8af12a7aed5a68f1c34a07
- SHA512: 9de2566930c84a1f398b6e9d298ecaaa9dd3171768f6ff6e327f1d5c7acb31a8753e7f4512ce5d34de551521842a768011aad431f12b041283c52a1064b5a5d6
Behavioral task: behavioral1
- Sample: 45d7d7b1bcad2b5d70f67b8ef7e006df8d03eb0d5e8af12a7aed5a68f1c34a07.exe
- Resource: win7-en-20211208

Behavioral task: behavioral2
- Sample: 45d7d7b1bcad2b5d70f67b8ef7e006df8d03eb0d5e8af12a7aed5a68f1c34a07.exe
- Resource: win10-en-20211208
Malware Config
Extracted
- C:\BQVLW-DECRYPT.txt
- http://gandcrabmfe6mnef.onion/7678dd21808fc4f5
Extracted
- C:\EVEQTPJE-DECRYPT.txt
- http://gandcrabmfe6mnef.onion/1eef4d64eb0767c7
Targets
- Target: 45d7d7b1bcad2b5d70f67b8ef7e006df8d03eb0d5e8af12a7aed5a68f1c34a07
- Size: 179KB
- MD5: 8ec87fd3ea777fa8d5160dc957e6683e
- SHA1: 32e0c587eebce8913fe0f73f6e760929b3093c21
- SHA256: 45d7d7b1bcad2b5d70f67b8ef7e006df8d03eb0d5e8af12a7aed5a68f1c34a07
- SHA512: 9de2566930c84a1f398b6e9d298ecaaa9dd3171768f6ff6e327f1d5c7acb31a8753e7f4512ce5d34de551521842a768011aad431f12b041283c52a1064b5a5d6
Signatures
- Detect Neshta Payload
- GandCrab Payload
- Modifies system executable filetype association
- Neshta
  Malware from the Neshta family infects other executable files with its own code in order to spread and cause damage.
- suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
- suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry