General
Target: 39514226b71aebbe775aa14627c716973282cba201532df3f820a209d87f6df9
Size: 361KB
Sample: 220625-njgmlsacfk
MD5: e387bd817e9b7f02fa9c2511cc345f12
SHA1: 98b3ec47b64198e3604c738f8c1f4753e0afa8c7
SHA256: 39514226b71aebbe775aa14627c716973282cba201532df3f820a209d87f6df9
SHA512: 2e7c93be406148d60c90db9f07e6b622e812a90e3de54b692f5eb18aebcb52df4649e87ad1ba8132d68de4817dd4cb219b784d679d8af3a69a41b0ca1f83d5a0
Static task
static1

Behavioral task
behavioral1
Sample: 39514226b71aebbe775aa14627c716973282cba201532df3f820a209d87f6df9.exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: 39514226b71aebbe775aa14627c716973282cba201532df3f820a209d87f6df9.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
C:\LCPOU-DECRYPT.txt
http://gandcrabmfe6mnef.onion/cca07adde9924b3
Extracted
C:\XFTOO-DECRYPT.txt
http://gandcrabmfe6mnef.onion/dc0aeaf7cdd93a8a
Targets
Target: 39514226b71aebbe775aa14627c716973282cba201532df3f820a209d87f6df9
Size: 361KB
MD5: e387bd817e9b7f02fa9c2511cc345f12
SHA1: 98b3ec47b64198e3604c738f8c1f4753e0afa8c7
SHA256: 39514226b71aebbe775aa14627c716973282cba201532df3f820a209d87f6df9
SHA512: 2e7c93be406148d60c90db9f07e6b622e812a90e3de54b692f5eb18aebcb52df4649e87ad1ba8132d68de4817dd4cb219b784d679d8af3a69a41b0ca1f83d5a0
Score: 10/10

- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry