General

Target: 4be2d7cc2d715d7e5b87eb21f0c984f4da961d63aec448c790800fc1f76f2b98
Size: 139KB
Sample: 220128-zzxvbadfcq
MD5: 31b0542612ddefde00c650fe828ccd35
SHA1: 8f41756a09673187a297b64778c6b9c4b22c0b68
SHA256: 4be2d7cc2d715d7e5b87eb21f0c984f4da961d63aec448c790800fc1f76f2b98
SHA512: 77fa193c58f2af347ad8ddd9c96b6fb9d85615e1e550fc8d0f86ae08966388fe712908d23ca6b6b8552889a833877af161deba039e081e4ec439b0cf21473fe0
Static task: static1
Behavioral task: behavioral1
Sample: 4be2d7cc2d715d7e5b87eb21f0c984f4da961d63aec448c790800fc1f76f2b98.exe
Resource: win7-en-20211208
Malware Config

Extracted from C:\RYTNPBXQ-DECRYPT.txt: http://gandcrabmfe6mnef.onion/9ff5afccf6fec26a
Extracted from C:\XBRIKXFVM-DECRYPT.txt: http://gandcrabmfe6mnef.onion/6016139f19ed7dbe

Both ransom notes point at the same .onion host; only the path after the host differs between the two notes, so the host is the stable indicator and the path is per-note.
Targets

Target: 4be2d7cc2d715d7e5b87eb21f0c984f4da961d63aec448c790800fc1f76f2b98
Size: 139KB
MD5: 31b0542612ddefde00c650fe828ccd35
SHA1: 8f41756a09673187a297b64778c6b9c4b22c0b68
SHA256: 4be2d7cc2d715d7e5b87eb21f0c984f4da961d63aec448c790800fc1f76f2b98
SHA512: 77fa193c58f2af347ad8ddd9c96b6fb9d85615e1e550fc8d0f86ae08966388fe712908d23ca6b6b8552889a833877af161deba039e081e4ec439b0cf21473fe0

suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
Drops startup file
Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
Sets desktop wallpaper using registry
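The extracted config (two <NAME>-DECRYPT.txt notes, each carrying a victim-specific URL on the same .onion host) and the "Modifies extensions of user files" and "Enumerates connected drives" signatures above suggest a simple post-incident triage step: find the ransom notes on every drive, pull the payment host and per-note path out of them, and map each note to the files it corresponds to. The script below is an added example, not code from the sandbox report or from the malware itself. It assumes, as labelled in the comments, that the note name follows <EXT>-DECRYPT.txt where <EXT> is the extension appended to encrypted files (the report shows only the note names and URLs, not the renamed files), and that the note body contains the .onion URL the report extracted. The file listing it runs over is constructed for the example; the two note paths and URLs in it are the ones from the report.

```python
"""Added triage helper for GandCrab-style ransom notes (example code, not
from the report or the malware).

Assumptions (not confirmed by the report):
  * note name is <EXT>-DECRYPT.txt and <EXT> is the extension appended to
    encrypted files;
  * the note body contains the payment URL http://<host>.onion/<path>;
  * SAMPLE_FILES is a constructed path->content listing (None = binary or
    unreadable); only the two note paths and URLs come from the report.
"""
import re
from typing import Dict, Optional

# <EXT>-DECRYPT.txt, e.g. RYTNPBXQ-DECRYPT.txt (assumed naming convention).
NOTE_NAME_RE = re.compile(r"^(?P<ext>[A-Za-z]{5,12})-DECRYPT\.txt$")
# http://<onion host>/<hex path>, e.g. the two URLs in the report.
ONION_URL_RE = re.compile(
    r"https?://(?P<host>[a-z2-7]+\.onion)/(?P<vid>[0-9a-f]+)", re.IGNORECASE
)


def parse_note(path: str, text: str) -> Optional[dict]:
    """Return {note_path, ext, host, victim_id} when `path` is named like a
    ransom note and its body carries an .onion URL; otherwise None."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    m = NOTE_NAME_RE.match(name)
    if not m:
        return None
    u = ONION_URL_RE.search(text)
    if not u:
        return None
    return {
        "note_path": path,
        "ext": m.group("ext").lower(),
        "host": u.group("host").lower(),
        "victim_id": u.group("vid").lower(),  # the per-note URL path
    }


def drive_of(path: str) -> Optional[str]:
    """Drive letter of a Windows path ('C' for C:\\...), else None."""
    return path[0].upper() if len(path) > 1 and path[1] == ":" else None


def triage(files: Dict[str, Optional[str]]) -> Dict[str, dict]:
    """Group a path->content listing by ransom-note extension. For each note
    report the payment host, the per-note path, the files that carry the
    note's extension, and the drives those files sit on."""
    notes: Dict[str, dict] = {}
    for path, content in files.items():
        if content is None:
            continue
        parsed = parse_note(path, content)
        if parsed:
            notes.setdefault(parsed["ext"], parsed)
    report: Dict[str, dict] = {}
    for ext, info in notes.items():
        hit = sorted(p for p in files if p.lower().endswith("." + ext))
        report[ext] = {
            "note_path": info["note_path"],
            "host": info["host"],
            "victim_id": info["victim_id"],
            "encrypted_files": hit,
            "drives": sorted({d for d in map(drive_of, hit) if d}),
        }
    return report


# Constructed listing: note paths/URLs are from the report, everything else
# (note bodies, encrypted file names, the D: drive) is made up for the example.
SAMPLE_FILES: Dict[str, Optional[str]] = {
    r"C:\RYTNPBXQ-DECRYPT.txt":
        "(constructed note body)\nhttp://gandcrabmfe6mnef.onion/9ff5afccf6fec26a\n",
    r"C:\XBRIKXFVM-DECRYPT.txt":
        "(constructed note body)\nhttp://gandcrabmfe6mnef.onion/6016139f19ed7dbe\n",
    r"C:\Users\victim\Documents\report.docx.rytnpbxq": None,
    r"D:\share\photos\img01.jpg.RYTNPBXQ": None,
    r"D:\share\archive.zip.xbrikxfvm": None,
    r"C:\Users\victim\Desktop\readme.txt": "not a ransom note",
    r"C:\Windows\System32\notepad.exe": None,
}

if __name__ == "__main__":
    for ext, r in triage(SAMPLE_FILES).items():
        print(f".{ext}: note={r['note_path']} host={r['host']} path={r['victim_id']}")
        print(f"    {len(r['encrypted_files'])} file(s) on drive(s) {', '.join(r['drives'])}")
```

In a live case, replace SAMPLE_FILES with a walk of every mounted drive (the sample enumerates drives beyond C:, so the notes and renamed files may sit on any of them) and read only the small text files whose names match the note pattern. The host value is what you block or hunt for in proxy and DNS logs; the per-note path should be treated as an identifier to preserve for the case record rather than as a detection indicator, since it differs between notes.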