General
-
Target
658b2e2ff815267582ca2e09c1ecd1ce18d10757e196999ae1a471221645ae6f
-
Size
139KB
-
Sample
220128-zbs68achaq
-
MD5
b990954d3cfadfd99969deacacdb00e7
-
SHA1
7f40f440cce8e1df17b7af35efe4a5ffce1d7297
-
SHA256
658b2e2ff815267582ca2e09c1ecd1ce18d10757e196999ae1a471221645ae6f
-
SHA512
4777a321e33e94c23677456e913451c29aaf69edd1a28457880506f88875de78f89dcf4e3f1d7606e82099f529c36260c4aa7d312ea1dda9448b2b76894ed9c1
Static task
static1
Behavioral task
behavioral1
Sample
658b2e2ff815267582ca2e09c1ecd1ce18d10757e196999ae1a471221645ae6f.exe
Resource
win7-en-20211208
Malware Config
Extracted
C:\TNEQV-DECRYPT.txt
http://gandcrabmfe6mnef.onion/d5afd2c578455f6
Extracted
C:\ZUMGVX-DECRYPT.txt
http://gandcrabmfe6mnef.onion/e17c5cd0276a67fc
Targets
-
-
Target
658b2e2ff815267582ca2e09c1ecd1ce18d10757e196999ae1a471221645ae6f
-
Size
139KB
-
MD5
b990954d3cfadfd99969deacacdb00e7
-
SHA1
7f40f440cce8e1df17b7af35efe4a5ffce1d7297
-
SHA256
658b2e2ff815267582ca2e09c1ecd1ce18d10757e196999ae1a471221645ae6f
-
SHA512
4777a321e33e94c23677456e913451c29aaf69edd1a28457880506f88875de78f89dcf4e3f1d7606e82099f529c36260c4aa7d312ea1dda9448b2b76894ed9c1
-
suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-