General
Target
01d6275b50fea35014c4557daa223e501872e252cf244da4345366b227f05989
Size
447KB
Sample
220523-wb9x7acfdk
MD5
abd1a27434e98e8112d83db9fcda8cea
SHA1
6aef25838f33abea1f4a02b8f7b00890893ed751
SHA256
01d6275b50fea35014c4557daa223e501872e252cf244da4345366b227f05989
SHA512
f2af507a1ea410292249a3a6c60db18edfa1e80289e5a4dab2e0055de566afa443cf865cb399bad88994f89fd99132852b199577a6cfe0827813f706b4508788
Static task
static1
Behavioral task
behavioral1
Sample
01d6275b50fea35014c4557daa223e501872e252cf244da4345366b227f05989.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
01d6275b50fea35014c4557daa223e501872e252cf244da4345366b227f05989.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\CXDTS-DECRYPT.txt
http://gandcrabmfe6mnef.onion/c3c2ca347ced9cfa
Extracted
C:\MFUXG-DECRYPT.txt
http://gandcrabmfe6mnef.onion/8ffa1a5ecc5181f6
Targets
Target
01d6275b50fea35014c4557daa223e501872e252cf244da4345366b227f05989
Score
10/10
GandCrab Payload
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
Suspicious use of SetThreadContext