General

  • Target

    new.exe

  • Size

    440KB

  • Sample

    220625-xn3kbagcgr

  • MD5

    0100b82cf1666562d3152c34afb54c71

  • SHA1

    89ee13560ccd82f099adace6a602685c0577e23f

  • SHA256

    ab87c1322be44d5101e73269291ca8cbe371ff936eb94e691552db40334fda79

  • SHA512

    daac7998edaab4b0e1f9f66396a468155209658fcf34dac8e3857710ea7b195f49e466760d25afa290e0b1eade60105d250c0530417712a2e0469c1da22925a8

Malware Config

Extracted

Path

C:\CKYSQ-DECRYPT.txt

Ransom Note

---= GANDCRAB V5.0.3 =---

***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************
*****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE WILL BE DECRYPTION ERRORS*****

Attention!
All your files, documents, photos, databases and other important files are encrypted and have the extension: .CKYSQ

The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

The server with your key is in a closed network TOR. You can get there by the following ways:
----------------------------------------------------------------------------------------
| 0. Download Tor browser - https://www.torproject.org/
| 1. Install Tor browser
| 2. Open Tor Browser
| 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/51f42bbb9b2352bf
| 4. Follow the instructions on this page
----------------------------------------------------------------------------------------

On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.

ATTENTION!
IN ORDER TO PREVENT DATA DAMAGE:
* DO NOT MODIFY ENCRYPTED FILES
* DO NOT CHANGE DATA BELOW

---BEGIN GANDCRAB KEY---
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
---END GANDCRAB KEY---

---BEGIN PC DATA---
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
---END PC DATA---
URLs

http://gandcrabmfe6mnef.onion/51f42bbb9b2352bf

Targets

    • Target

      new.exe

    • Size

      440KB

    • MD5

      0100b82cf1666562d3152c34afb54c71

    • SHA1

      89ee13560ccd82f099adace6a602685c0577e23f

    • SHA256

      ab87c1322be44d5101e73269291ca8cbe371ff936eb94e691552db40334fda79

    • SHA512

      daac7998edaab4b0e1f9f66396a468155209658fcf34dac8e3857710ea7b195f49e466760d25afa290e0b1eade60105d250c0530417712a2e0469c1da22925a8

    • Gandcrab

      GandCrab is a ransomware family that encrypts the victim's files and demands payment for the private key. This sample identifies itself as GandCrab V5.0.3 in its ransom note and directs victims to a Tor (.onion) payment page.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files. GandCrab appends a random, per-victim extension (here .CKYSQ) to every file it encrypts and names the ransom note after it (CKYSQ-DECRYPT.txt), so the extension and note name are per-infection indicators rather than stable family-wide ones.

    • Drops startup file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
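
The extracted note and the extension-modification behaviour above give an incident responder two things to hunt for: the `<EXT>-DECRYPT.txt` note (from which the version, per-victim extension and .onion URL can be read) and files carrying that extension. The script below is an added example, not part of the sandbox report or of GandCrab; it parses the note fields exactly as they appear in the note above, sweeps a directory tree for notes and encrypted files, and hashes any `.exe` against the reported SHA256 of new.exe. The demo note and file tree it builds are constructed, with the key and PC-data blocks replaced by placeholders.

```python
"""Parse GandCrab ransom notes and sweep a tree for the IOCs they name.

Added example (not from the sandbox report or from GandCrab itself). The
note wording, the -DECRYPT.txt naming and the .CKYSQ extension come from
the extracted config above; the demo note below is constructed, with the
key/PC-data blocks replaced by placeholders.
"""
import hashlib
import re
import tempfile
from pathlib import Path
from typing import Optional

# SHA256 of new.exe as reported above; used to flag copies of the dropper.
SAMPLE_SHA256 = "ab87c1322be44d5101e73269291ca8cbe371ff936eb94e691552db40334fda79"

# Fields a GandCrab v5 note exposes in fixed wording.
_VERSION_RE = re.compile(r"---=\s*GANDCRAB\s+V([0-9.]+)\s*=---")
_EXT_RE = re.compile(r"have the extension:\s*(\.[A-Za-z0-9]+)")
_ONION_RE = re.compile(r"https?://[a-z2-7]{16,56}\.onion/[A-Za-z0-9]*")
_BLOCK_RE = re.compile(r"---BEGIN (GANDCRAB KEY|PC DATA)---(.*?)---END \1---", re.S)

# Constructed note modelled on the one extracted above (key data replaced).
EXAMPLE_NOTE = """---= GANDCRAB V5.0.3 =---
Attention!
All your files, documents, photos, databases and other important files are encrypted and have the extension: .CKYSQ
| 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/51f42bbb9b2352bf
---BEGIN GANDCRAB KEY---
<placeholder-key>
---END GANDCRAB KEY---
---BEGIN PC DATA---
<placeholder-pc-data>
---END PC DATA---
"""


def parse_gandcrab_note(text: str) -> Optional[dict]:
    """Return the IOCs found in a GandCrab note, or None if it is not one."""
    version = _VERSION_RE.search(text)
    if not version:
        return None
    ext = _EXT_RE.search(text)
    blocks = {name: body.strip() for name, body in _BLOCK_RE.findall(text)}
    return {
        "version": version.group(1),
        "extension": ext.group(1).upper() if ext else None,
        "onion_urls": sorted(set(_ONION_RE.findall(text))),
        "victim_key": blocks.get("GANDCRAB KEY"),
        "pc_data": blocks.get("PC DATA"),
    }


def sha256_of(path: Path) -> str:
    """Stream a file through SHA256 so large images do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep(root: Path) -> dict:
    """Walk root (a mounted image or share) for GandCrab artefacts.

    Pass 1 finds *-DECRYPT.txt notes and learns the per-victim extension
    from each; pass 2 lists files carrying those extensions and hashes
    every .exe against the reported sample hash.
    """
    files = [p for p in root.rglob("*") if p.is_file()]
    notes, extensions = [], set()
    for p in files:
        if p.name.upper().endswith("-DECRYPT.TXT"):
            parsed = parse_gandcrab_note(p.read_text(errors="replace"))
            if parsed:
                notes.append((str(p), parsed))
                if parsed["extension"]:
                    extensions.add(parsed["extension"])
    encrypted = [str(p) for p in files if p.suffix.upper() in extensions]
    sample_hits = [str(p) for p in files
                   if p.suffix.lower() == ".exe" and sha256_of(p) == SAMPLE_SHA256]
    return {"notes": notes, "encrypted_files": encrypted, "sample_hits": sample_hits}


def run_demo() -> dict:
    """Build a throwaway tree mirroring the report's artefacts and sweep it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        docs = root / "Users" / "alice" / "Documents"
        docs.mkdir(parents=True)
        (root / "CKYSQ-DECRYPT.txt").write_text(EXAMPLE_NOTE)
        (docs / "budget.xlsx.CKYSQ").write_bytes(b"\x00" * 64)   # constructed
        (docs / "readme.txt").write_text("untouched")             # constructed
        (root / "new.exe").write_bytes(b"MZ not the real sample")  # constructed
        return sweep(root)


if __name__ == "__main__":
    result = run_demo()
    for path, ioc in result["notes"]:
        print(path, ioc["version"], ioc["extension"], ioc["onion_urls"])
    print("encrypted:", result["encrypted_files"])
    print("sample hits:", result["sample_hits"])
```

Because the extension is generated per infection, matching on `.CKYSQ` alone only finds this victim's files; learning the extension from each note found, as `sweep` does, keeps the same sweep useful across hosts hit by different GandCrab runs.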

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic      Technique                      ID     Count
  Discovery   Query Registry                 T1012  2
  Discovery   Peripheral Device Discovery    T1120  1
  Discovery   System Information Discovery   T1082  2

Tasks