General
-
Target
53b58eebbfc0d6db0898132d72f191368a78a8e34140f0e74a2c179f3cd07664
-
Size
208KB
-
Sample
220128-zrct6sdgb8
-
MD5
c7d5077960882259b85c01fd41c49ffd
-
SHA1
6c8bc4d4d744c7157c43c937650919e44373d6cb
-
SHA256
53b58eebbfc0d6db0898132d72f191368a78a8e34140f0e74a2c179f3cd07664
-
SHA512
cd88b8239e51873f9aebd7bdb9e3ff61b7ce8ba4f8a136b7f692b9a3cda1cd2c05ad088498051321c6ae25d89594d8990f1939a98eb91bd217c8e1cfd492f91c
Behavioral task
behavioral1
Sample
53b58eebbfc0d6db0898132d72f191368a78a8e34140f0e74a2c179f3cd07664.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
53b58eebbfc0d6db0898132d72f191368a78a8e34140f0e74a2c179f3cd07664.exe
Resource
win10-en-20211208
Malware Config
Extracted
C:\MBFRSEOG-DECRYPT.txt
http://gandcrabmfe6mnef.onion/5b79ad21ae34671b
Extracted
C:\WVZHIZC-DECRYPT.txt
http://gandcrabmfe6mnef.onion/3bfab5107f75a1fd
Targets
-
-
Target
53b58eebbfc0d6db0898132d72f191368a78a8e34140f0e74a2c179f3cd07664
-
Size
208KB
-
MD5
c7d5077960882259b85c01fd41c49ffd
-
SHA1
6c8bc4d4d744c7157c43c937650919e44373d6cb
-
SHA256
53b58eebbfc0d6db0898132d72f191368a78a8e34140f0e74a2c179f3cd07664
-
SHA512
cd88b8239e51873f9aebd7bdb9e3ff61b7ce8ba4f8a136b7f692b9a3cda1cd2c05ad088498051321c6ae25d89594d8990f1939a98eb91bd217c8e1cfd492f91c
-
Detect Neshta Payload
-
GandCrab Payload
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-