General
Target: 4c09f544d3d0775933d2e0be26e1d308dc302b231b01dd1ad1da95b460c24bc3
Size: 139KB
Sample: 220128-zznlmsead9
MD5: 1514dfdf8645fb2bfe1b76282d0b9c2d
SHA1: c672342dd7edc435a2f15ae161bef23482bfdf38
SHA256: 4c09f544d3d0775933d2e0be26e1d308dc302b231b01dd1ad1da95b460c24bc3
SHA512: c87b3838532b462ebe87047efe5f5962e832afc059f7f659c47feb2b425ed17540cefbdddb9376d4ff77aa69b58b34323da1e593e366d8bed3cec2556b56d27d

Static task: static1

Behavioral task: behavioral1
Sample: 4c09f544d3d0775933d2e0be26e1d308dc302b231b01dd1ad1da95b460c24bc3.exe
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: 4c09f544d3d0775933d2e0be26e1d308dc302b231b01dd1ad1da95b460c24bc3.exe
Resource: win10-en-20211208

Malware Config
Extracted: C:\IQWFEBGXC-DECRYPT.txt
http://gandcrabmfe6mnef.onion/371e7bad61d10791
Extracted: C:\DYMTW-DECRYPT.txt
http://gandcrabmfe6mnef.onion/278856cd589b9407
Targets
Target: 4c09f544d3d0775933d2e0be26e1d308dc302b231b01dd1ad1da95b460c24bc3
Score: 10/10

Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
Drops startup file
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Sets desktop wallpaper using registry