13f476ec8dba856b93c2b799dbf9994191d14e9dbc2c6d75c9ec3d8054144b3f

Analysis

max time kernel
152s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
03-06-2022 02:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36c3-malwarexchg-part3/GandCrabV5.0.9.exe
Size

165KB
MD5

119fc3356fd91b84ce3195f4914ce53e
SHA1

e71024b789e25f79b50b9d79409ba0c85597cf35
SHA256

bd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3
SHA512

44495f89eb6f8942dc63b1d70c8202b7ca3bcec0e7f35be4e10b13f28de01deee254435549c85c13a468bb713f558c0efab6c702ca69ea8ebe1cc9360aeb132f

Score

10^/10

ransomware upx

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\!!ÊàêÐàñøèôðîâàòüÝòóÏàðàøó.txt

Ransom Note

You files have been encrypted using RC6 Algorythm. For decrypt contact to [email protected] You have a 10 hours to contact us. If your contacts after 10 hours - your files has flushed to toilet!

Emails

[email protected]

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral10/memory/1332-130-0x0000000000400000-0x000000000046F000-memory.dmp	upx
behavioral10/memory/1332-131-0x0000000000400000-0x000000000046F000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\36c3-malwarexchg-part3\GandCrabV5.0.9.exe
"C:\Users\Admin\AppData\Local\Temp\36c3-malwarexchg-part3\GandCrabV5.0.9.exe"
1⤵
PID:1332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1332-130-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/1332-131-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download