General
Target: 43911f3a36ede4a5c71a82c27a49e68cab0d0a309d934fab07d9655b30978de5
Size: 139KB
Sample: 220128-z7xjhsdhdj
MD5: d044106fa47f15198f8e26eb64f7394c
SHA1: 5b474845faa7eaa2c3df1d7b6d783d5c3a37718c
SHA256: 43911f3a36ede4a5c71a82c27a49e68cab0d0a309d934fab07d9655b30978de5
SHA512: 92cf248a7228b39587ed4c5c3205da8d13827ad9e73c442dcb9327b45ee328ea3a61eda48a7fcfa95395202ca146ecf481dbb3cdf863f7d8808a3f53520c6260
Static task: static1
Behavioral task: behavioral1
  Sample: 43911f3a36ede4a5c71a82c27a49e68cab0d0a309d934fab07d9655b30978de5.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: 43911f3a36ede4a5c71a82c27a49e68cab0d0a309d934fab07d9655b30978de5.exe
  Resource: win10-en-20211208
Malware Config
Extracted: C:\HNJFSNCDN-DECRYPT.txt
  http://gandcrabmfe6mnef.onion/f4c90df6a349653
Extracted: C:\VEBBYIUTNP-DECRYPT.txt
  http://gandcrabmfe6mnef.onion/ef262533df1755d9
Targets
Target: 43911f3a36ede4a5c71a82c27a49e68cab0d0a309d934fab07d9655b30978de5 (139KB; MD5, SHA1 and SHA512 as listed under General)
- suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry