General
- Target: 50ab1dadecf027533a17ccd2f4c9fb571432285567c914fd81540b8fbd9203bc
- Size: 139KB
- Sample: 220128-zv6awsdhd8
- MD5: cb067aa3f71d1d59c9b91fe8b4632c4c
- SHA1: 6a23e82b5da19caeea5b7b63cca00306325b013a
- SHA256: 50ab1dadecf027533a17ccd2f4c9fb571432285567c914fd81540b8fbd9203bc
- SHA512: 941aecd5c80c087767a69d7ddd589a69bdb424687d75fc406ae33e316b1543dd454bea833f0c302ec2227ff6986ed1ec9b1a12de64038371367a3dc8fe3ac0ec
Static task: static1
Behavioral task: behavioral1
- Sample: 50ab1dadecf027533a17ccd2f4c9fb571432285567c914fd81540b8fbd9203bc.exe
- Resource: win7-en-20211208
Behavioral task: behavioral2
- Sample: 50ab1dadecf027533a17ccd2f4c9fb571432285567c914fd81540b8fbd9203bc.exe
- Resource: win10-en-20211208
Malware Config
- Extracted: C:\ORAAHGGRGC-DECRYPT.txt
  http://gandcrabmfe6mnef.onion/d4f8919fa147539a
- Extracted: C:\FCJEMI-DECRYPT.txt
  http://gandcrabmfe6mnef.onion/184a368050059089
Targets
- Target: 50ab1dadecf027533a17ccd2f4c9fb571432285567c914fd81540b8fbd9203bc
- Size: 139KB
- MD5: cb067aa3f71d1d59c9b91fe8b4632c4c
- SHA1: 6a23e82b5da19caeea5b7b63cca00306325b013a
- SHA256: 50ab1dadecf027533a17ccd2f4c9fb571432285567c914fd81540b8fbd9203bc
- SHA512: 941aecd5c80c087767a69d7ddd589a69bdb424687d75fc406ae33e316b1543dd454bea833f0c302ec2227ff6986ed1ec9b1a12de64038371367a3dc8fe3ac0ec
Score: 10/10
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry