General
- Target: 5a58e0bb60630fcb25ac0c57df0558eca7376376ccb93513b1aa6e1119f49b26
- Size: 139KB
- Sample: 220128-zlk9csdef9
- MD5: 46cc8350def065ec86934edea49de860
- SHA1: e8a6a18b700abcdec34b254105b2d5f8c30f99c0
- SHA256: 5a58e0bb60630fcb25ac0c57df0558eca7376376ccb93513b1aa6e1119f49b26
- SHA512: f745395dca9ed78d7f8af986c6ee14cc8b4eef823611551db2b4be47136076c61d352892d65762ec5d050211b7bc249d54627be8b85a51d746650e32e7f97576
Static task: static1
Behavioral task: behavioral1
- Sample: 5a58e0bb60630fcb25ac0c57df0558eca7376376ccb93513b1aa6e1119f49b26.exe
- Resource: win7-en-20211208
Behavioral task: behavioral2
- Sample: 5a58e0bb60630fcb25ac0c57df0558eca7376376ccb93513b1aa6e1119f49b26.exe
- Resource: win10-en-20211208
Malware Config
Extracted
- C:\QQGSABO-DECRYPT.txt
- http://gandcrabmfe6mnef.onion/d7edae74f240c877
Extracted
- C:\BUPTBUF-DECRYPT.txt
- http://gandcrabmfe6mnef.onion/4559be998c82cce7
Targets
- Target: 5a58e0bb60630fcb25ac0c57df0558eca7376376ccb93513b1aa6e1119f49b26
Score: 10/10
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry