General
Target: 5cbc42e68adfd11c7054674a027eae6594bf8f116568d1718976d3465e7675bd
Size: 139KB
Sample: 220128-zjn78sdec5
MD5: 620020e45bf08e6d9fba923386339395
SHA1: 17d1be258e5887ee62ecc8961d069e29d145a742
SHA256: 5cbc42e68adfd11c7054674a027eae6594bf8f116568d1718976d3465e7675bd
SHA512: e828c4ce04523c57b651d452ea3f7dd9366bb4a03b30fe555d71739e9f44c087b2852015b32f3c41137f0f8839297c2559e84b9082cf20799954f888f538b082
Static task: static1
Behavioral task: behavioral1
  Sample: 5cbc42e68adfd11c7054674a027eae6594bf8f116568d1718976d3465e7675bd.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: 5cbc42e68adfd11c7054674a027eae6594bf8f116568d1718976d3465e7675bd.exe
  Resource: win10-en-20211208
Malware Config
Extracted: C:\FKAHZHN-DECRYPT.txt
  http://gandcrabmfe6mnef.onion/f3ced68f4f335c76
Extracted: C:\FITWGWXF-DECRYPT.txt
  http://gandcrabmfe6mnef.onion/3ea6b9085b6d7846
Targets
Target: 5cbc42e68adfd11c7054674a027eae6594bf8f116568d1718976d3465e7675bd
Size: 139KB
MD5: 620020e45bf08e6d9fba923386339395
SHA1: 17d1be258e5887ee62ecc8961d069e29d145a742
SHA256: 5cbc42e68adfd11c7054674a027eae6594bf8f116568d1718976d3465e7675bd
SHA512: e828c4ce04523c57b651d452ea3f7dd9366bb4a03b30fe555d71739e9f44c087b2852015b32f3c41137f0f8839297c2559e84b9082cf20799954f888f538b082
Score: 10/10
Signatures:
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Drops startup file
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Sets desktop wallpaper using registry