General
Target: 5b2bdb9da226dd68be7dab3bb5f1e71d5c486743821c1635e354d7c3e42ae3f8
Size: 287KB
Sample: 220625-j4ss6aegg9
MD5: 59895c20f1e8c310b0b82cd95030d977
SHA1: 3c1a076f2721e7428de208149a17b6ce2ee5717b
SHA256: 5b2bdb9da226dd68be7dab3bb5f1e71d5c486743821c1635e354d7c3e42ae3f8
SHA512: afbf043f50a2f424dfebbe3b1e9f4236aa0b9e6a3a11c71238e28472b93e02cef5c2138e5328d8b3661968d13cc65da77e0e33f2d07bcdfa8735e9a3ee4792d6
Static task: static1
Behavioral task: behavioral1
  Sample: 5b2bdb9da226dd68be7dab3bb5f1e71d5c486743821c1635e354d7c3e42ae3f8.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 5b2bdb9da226dd68be7dab3bb5f1e71d5c486743821c1635e354d7c3e42ae3f8.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted from C:\FBLOLLTT-DECRYPT.txt:
  http://gandcrabmfe6mnef.onion/9f21c99141c82dec
Extracted from C:\JFVEY-DECRYPT.txt:
  http://gandcrabmfe6mnef.onion/c40563aa8b4464b2
Both notes point at the same GandCrab .onion payment site; only the hexadecimal path, a per-infection token, differs between the two extractions. GandCrab names its ransom note after the random upper-case extension it appends to encrypted files, so the prefix of each note name (FBLOLLTT, JFVEY) is also the extension to look for on the host.
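The extracted config above gives only a note path and a URL. The following is an added example, not part of the sandbox report or of any vendor tooling, showing how a responder can turn that pair into triage data: derive the encrypted-file extension from the note filename, pull the .onion URL and its per-infection token out of the note body, and count files on the host that carry the implied extension. The note bodies and the directory listing are constructed; only the two paths and URLs come from the report. The assumption that the note prefix equals the appended extension is GandCrab family behaviour, not something the report states.

```python
import ntpath
import re
from urllib.parse import urlparse

# Naming convention of the notes in the extracted config: "<EXT>-DECRYPT.txt".
# Assumption (GandCrab family behaviour): <EXT> is also appended to encrypted files.
NOTE_NAME = re.compile(r"^(?P<ext>[A-Z]{4,10})-DECRYPT\.txt$")
# v2 onion hosts are 16 base32 chars, v3 are 56; the path is a hex token.
ONION_URL = re.compile(r"https?://[a-z2-7]{16,56}\.onion/[0-9a-f]+")


def parse_note(path, text):
    """Return {'ext', 'url', 'victim_id'} for one ransom note, or None if the
    filename does not follow the <EXT>-DECRYPT.txt convention."""
    m = NOTE_NAME.match(ntpath.basename(path))
    if not m:
        return None
    u = ONION_URL.search(text)
    url = u.group(0) if u else None
    # The path component after the host is the per-infection token.
    victim_id = urlparse(url).path.lstrip("/") if url else None
    return {"ext": m.group("ext"), "url": url, "victim_id": victim_id}


def find_encrypted(paths, ext):
    """Files carrying the extension the note implies (exact, case-sensitive)."""
    return sorted(p for p in paths if p.endswith("." + ext))


# Constructed note bodies: only the paths and URLs come from the report.
NOTES = {
    "C:\\FBLOLLTT-DECRYPT.txt":
        "Your files have been encrypted.\n"
        "Open http://gandcrabmfe6mnef.onion/9f21c99141c82dec in Tor Browser.\n",
    "C:\\JFVEY-DECRYPT.txt":
        "Your files have been encrypted.\n"
        "Open http://gandcrabmfe6mnef.onion/c40563aa8b4464b2 in Tor Browser.\n",
}

# Constructed directory listing from a hypothetical infected host.
LISTING = [
    "C:\\Users\\bob\\Documents\\budget.xlsx.FBLOLLTT",
    "C:\\Users\\bob\\Documents\\cv.docx.FBLOLLTT",
    "C:\\Users\\bob\\Pictures\\trip.jpg",  # untouched file
    "C:\\FBLOLLTT-DECRYPT.txt",
]


def triage(notes, listing):
    """Parse every note and attach the files that carry its implied extension."""
    results = []
    for path, text in notes.items():
        info = parse_note(path, text)
        if info:
            info["encrypted_files"] = find_encrypted(listing, info["ext"])
            results.append(info)
    return results


if __name__ == "__main__":
    for r in triage(NOTES, LISTING):
        print(r)
```

Run against a real host, `LISTING` would be replaced by a walk of the user profile and every mounted drive, and a note whose extension matches zero files is a useful signal on its own: either the sample ran on a different volume or the note was copied in from elsewhere.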
Targets
Target: 5b2bdb9da226dd68be7dab3bb5f1e71d5c486743821c1635e354d7c3e42ae3f8 (287KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Signatures:
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Drops startup file: a file written to a Startup folder is executed at the next logon, giving the sample persistence.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive, the usual prelude to encrypting every mounted volume.
- Sets desktop wallpaper using registry: the ransom message is displayed by rewriting the wallpaper value in the user's registry hive.
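The four signatures above are behavioural, so they can be reproduced from endpoint telemetry rather than only from a sandbox. The following is an added example, written for this page and not taken from the sandbox vendor or its rule set: a small matcher that runs the equivalent of those four signatures over Sysmon-style file, directory and registry events. The event records are constructed to mirror what this sample is reported to do (mass rename to one new extension, a file in a Startup folder, root reads of non-C: drives, a wallpaper registry write); the event schema, the `RENAME_THRESHOLD` value and the file names are assumptions, not fields or values from the report.

```python
from collections import Counter

# Hypothetical tuning value: how many user files must gain the same new
# extension before we call it mass renaming rather than ordinary activity.
RENAME_THRESHOLD = 5

# Case-insensitive fragment shared by per-user and all-users Startup folders.
STARTUP_MARKER = "\\microsoft\\windows\\start menu\\programs\\startup\\"
WALLPAPER_KEY_SUFFIX = "\\control panel\\desktop\\wallpaper"

# Constructed Sysmon-style events (assumed schema): not the sandbox's output.
EVENTS = [
    {"type": "FileRename", "src": "C:\\Users\\bob\\Documents\\q1.xlsx",
     "dst": "C:\\Users\\bob\\Documents\\q1.xlsx.FBLOLLTT"},
    {"type": "FileRename", "src": "C:\\Users\\bob\\Documents\\notes.docx",
     "dst": "C:\\Users\\bob\\Documents\\notes.docx.FBLOLLTT"},
    {"type": "FileRename", "src": "C:\\Users\\bob\\Pictures\\cat.jpg",
     "dst": "C:\\Users\\bob\\Pictures\\cat.jpg.FBLOLLTT"},
    {"type": "FileRename", "src": "C:\\Users\\bob\\Desktop\\todo.txt",
     "dst": "C:\\Users\\bob\\Desktop\\todo.txt.FBLOLLTT"},
    {"type": "FileRename", "src": "C:\\Users\\bob\\Music\\a.mp3",
     "dst": "C:\\Users\\bob\\Music\\a.mp3.FBLOLLTT"},
    # Benign rename: the extension is replaced, not appended.
    {"type": "FileRename", "src": "C:\\Windows\\Temp\\tmp1.log",
     "dst": "C:\\Windows\\Temp\\tmp1.bak"},
    {"type": "FileCreate", "path": "C:\\Users\\bob\\AppData\\Roaming\\Microsoft"
     "\\Windows\\Start Menu\\Programs\\Startup\\dropped.txt"},
    {"type": "DirectoryList", "path": "C:\\"},
    {"type": "DirectoryList", "path": "D:\\"},
    {"type": "DirectoryList", "path": "E:\\"},
    {"type": "RegistrySet", "key": "HKCU\\Control Panel\\Desktop\\Wallpaper",
     "value": "C:\\Users\\bob\\AppData\\Local\\Temp\\wall.bmp"},
]


def appended_suffix(src, dst):
    """Return the extension appended if dst is exactly src + '.<ext>', else None."""
    if dst.startswith(src + ".") and "." not in dst[len(src) + 1:]:
        return dst[len(src) + 1:]
    return None


def is_drive_root(path):
    """True for paths of the form 'X:\\' only."""
    return len(path) == 3 and path[0].isalpha() and path[1:] == ":\\"


def evaluate(events):
    """Map each triggered signature name to the evidence that triggered it."""
    hits = {}

    # Modifies extensions of user files: many renames sharing one appended suffix.
    suffixes = Counter()
    for e in events:
        if e["type"] == "FileRename":
            s = appended_suffix(e["src"], e["dst"])
            if s:
                suffixes[s] += 1
    if suffixes:
        ext, n = suffixes.most_common(1)[0]
        if n >= RENAME_THRESHOLD:
            hits["modifies_extensions"] = {"ext": ext, "count": n}

    # Drops startup file: any file created under a Startup folder.
    startup = [e["path"] for e in events
               if e["type"] == "FileCreate" and STARTUP_MARKER in e["path"].lower()]
    if startup:
        hits["drops_startup_file"] = startup

    # Enumerates connected drives: root reads of drives other than C:.
    drives = sorted({e["path"][:2].upper() for e in events
                     if e["type"] == "DirectoryList" and is_drive_root(e["path"])
                     and e["path"][:2].upper() != "C:"})
    if drives:
        hits["enumerates_drives"] = drives

    # Sets desktop wallpaper using registry: write to the Wallpaper value.
    wall = [e["value"] for e in events if e["type"] == "RegistrySet"
            and e["key"].lower().endswith(WALLPAPER_KEY_SUFFIX)]
    if wall:
        hits["sets_wallpaper"] = wall[0]

    return hits


if __name__ == "__main__":
    for name, evidence in evaluate(EVENTS).items():
        print(name, "->", evidence)
```

Two of these checks deserve the caveat that the sandbox score glosses over: the rename rule only fires when one suffix dominates, so a sample that appends a per-file random extension slips past it, and the wallpaper rule matches any write to that value, including legitimate ones, so on a production EDR it belongs in a correlation with the rename or Startup hits rather than as a stand-alone alert.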