gandcrab

General

Target

3619fec40668b5c713499b9c451e428fb1c022bda4a24dd9fc3f62e0cc017b4d
Size

175KB
Sample

220626-d9dcrshff3
MD5

5fa8ad9d232314d906437a9bcaa4c66a
SHA1

e7e4a72fb5924051a41155044f03f55aaa304266
SHA256

3619fec40668b5c713499b9c451e428fb1c022bda4a24dd9fc3f62e0cc017b4d
SHA512

ea5827ace763562a502bd32c70df807c570f467eca5e79138bf7a66bb658049cfcd1d9b21e75e692c2a6d4b92e66636cd051138b223194921d1a8dfa061289c9

Score

10^/10

Malware Config

Extracted

Path

C:\KRAB-DECRYPT.txt

Ransom Note

---= GANDCRAB V4 =--- Attention! All your files, documents, photos, databases and other important files are encrypted and have the extension: .KRAB The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. The server with your key is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- | 0. Download Tor browser - https://www.torproject.org/ | 1. Install Tor browser | 2. Open Tor Browser | 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/fab57563577e6bc | 4. Follow the instructions on this page ---------------------------------------------------------------------------------------- On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free. ATTENTION! IN ORDER TO PREVENT DATA DAMAGE: * DO NOT MODIFY ENCRYPTED FILES * DO NOT CHANGE DATA BELOW ---BEGIN GANDCRAB KEY--- lAQAAIzvg49MnKQnjwP8rI8j3NcJS+AHC/Y3fYMF6wdR5zGishzK2Lb82do+f8uZ6t82Z1zy1xQiN2vRMxkBQTGSAyCfcETKAwYK6P6e5lL/HRQiCjhMV1fEn/wtME5m056Ln2ZY58o2eINDHOgEo4Z6suML9n08yj6ejGq/QIup/dkHc5m1FrWxggTYyg+9XcsAnhz/AptcQMmQif4Hupr2GL6lWfTbm7ZFg/6nTVozD4YRfsxuxijmKR4jPrmbyg2rsgol1M3KKMCJ3cCVW4p/1F416ppp1LBe/0eW+d/SbvkHiObThO43JMMDo9g/xGsZNiqn6jtNaTa2faCIwx45kx9DlTPB2jJkYtEciqgtECzMOtQg+tkNRLQGGN5UtzpgS0V8RHqcCo0j1cfKUGqiRS/BUQwRjNYNiNAEc/TekEzgmHIutAipbf+1sCvAsoOSkDCgwy6OBjbWZGVqmao08WSWKP0MVWnAP6GitOD2mCCzE6LwFTMjk+COygNqyftiGvmDeNiYVckmoiWBxxl65xRjVA3D7Pq2CaW4F54bgafj94HRNpXn7x7J7CW4YZiklityAFhA8uuMDi8WDQBAN+38kSAvx6jb3+385mOQzOZNDe4FaVg/UfQnAURtsG8EAj6wdJp2RgbF0ZKR7EXA4nLJ+MDrmvEenk2Eb4ZyJB00EHSeD27DwchQ59uJIrmIoK1ohDDWrpYdDXIAJXMHkYK9GglAmfFIAxLAV7ykGSLFp80bDUbxRHPH3OuTIxRPo73m8XiWt9E2NXig07Vjk/shjumKS3uvHJETqG3QaX9FVGYuCgiGn2kFVfPYoXOmE59xzm/09ICFa8ICSjZYF92YcnbnyDNYTR3GjxpbPXAK3qJOfjqBdVUkGdTMalbr7/pI78Wiqm4XCpzFJe647efa3hqxE1Tcxqb5S15tfeUUsyutdUnq3ps5lZvbzaretFTErpUUobuMdE/UgJoHm+csH7uc9tlXljCdTgra0gnYfAUAfUZnrqpqiqD9+zfr2ko+JBUPeBTqTQRJQ/uM5fb+6hQqRFl9FZBjo2fP0fT7OTJTixUUmp2q3HhMEEUmpbgsx3bY1FD+sdw7iRELJj2mFMgAe9IY1JIHEuLbsKXS1GDMoBXf/RuLlm29KH6ZSI2tbsglLpGujta5nUhFgqjEM0oQZE1oNk3HmoXei02mPZ0OE3VeSJNPbFFbY/i8D14H/1B9QI+KQpQ6VGjcKVE18Qu/fbj97p8CtFEHkO2eprhJPjEY2PD5RQn1YXBLxLUfyieQnQs2TP47J1J/aGhjsqcRRG5k5mky7A7t0BmW7UcUyJDg6BIiGkKjNGj0UB3K6PMo/y/iMwBjUfifDkBn4EKbdxJJzOyERA8vL+aPW6lkHGpt1Uj24RN2GN69BGU16y6JufbST8Npsh28r7zx5WC9oXHwdSFDsIsYTfkydC8mwamLob3JVWHDLZx45SbEZgcytJeBMD6rg+ndbEG9EynkuzYkRJmY0uH91aYs4FJbcu6tQ/RUb/pOZfEnAqz/xAUJwuVoif2dkp14cZRY6eSTBeiIe/Rjfwb57M+IO3kH7Vz4fh+SuRvvYhanEuhu/UNS8HM4UqmvvWew23oavOJVIzTlwEJhhyC1peFSR13XqsSSm2Uq9f3IzhHdehvbsLr8eV0/9hMObUtAUj/v/NanMM3CqQOxjmE2PIsG5WbQBgScmiApU05a//F0BYO8+RgK4HiGJNJGw4st1/l3syNQtZEgZiQekbxrzqbZVxRxoMVZKQOy6dw80X0ZhTAJCNXiPBmxE6BB84s1teFBOFR/Qpvl5eYbuElHE1XzOWyPw4jXWHA96IcZMeOfV/rL/+NjWDGdAblZdIwKf9+IZdGuHH2e9HuHEsb23DctolBncDmQ35az87+57Y2eXI81VHybQ6uup5sO9JNhUOawsNNSPXAWI1YAzYJCa3JiuV2qkihMi7bqwOrJZVI2ti3JoisjhrLajjBkLFn1uq8sFJ1UYPP53qom1kBZpr+nxKVtn89mkJYAJksxY4wby8dL/ygSpepqaJF1c7veeuNbL+ldREq/SWlmVihXJ+CObcYuFNppMCRK8/ZV7FC1PTF38ShGHZeNBz/tXARFuTZB3q03+U20cw4ZkY/3GrvRnkTKQzXksZO8gmd6tDRHIpEp9BSXvgaYznXXyfdrw2xThBPPXso1+K5Mbewav2MtXKZ7+KTYtNdR/VUEmx5IOicJzME= ---END GANDCRAB KEY--- ---BEGIN PC DATA--- wfKD6iudumBkmpL8IRr4U4exEVaoOXLtwDwmOrT1y1YWvOiWMx5GYaRdvZZWToJRqHYO7mlWt7fHTGeHhh5qBJzzs9MC7736UkGSDDniUJJG8/LFF//kmGmoAZAGLo2j5/wd2UrxMJK+iqKhTkS3ArgAxrZOOOiXrbnhbWMkLHQnbYuWlMClYZxYU6SDxpopRo5r292AV1KIZBZV4APBuUHcKSIr2MWMI0O1MKIP2IpKLE2TS5wLmpQodXZhP6M/UPrO1sZzkDbgjYlAG3g8l65nVd0/CBUxKQ7KDJYrtX0vSmnFXg/ykfgtJNiwqfCnqbr85+BitbEjkRrB5eKj/2M2F+slGt5Ya1qEBnLtqxGEEYobtydK4o24b6bsY7hyY4zV2QKiqZRuTRsqAVO9JIUJp5FtwNQoBRPKnKw+CO5XALafi2Epg65rLQ3qxA5KyA7yZijpCxFN3vDLNuav1xAZaHRCRliKfTnU1kfgN39ImRrf9yyrQR1nkLIvlsqw/XJIVdvpPje3fE0cI8A9P3tNhn9IQ3LCzaYTErDtaEjxBdZMM5H4HskOLb+SRYUP ---END PC DATA---

URLs

http://gandcrabmfe6mnef.onion/fab57563577e6bc

Targets

- Target
  
  3619fec40668b5c713499b9c451e428fb1c022bda4a24dd9fc3f62e0cc017b4d
- Size
  
  175KB
- MD5
  
  5fa8ad9d232314d906437a9bcaa4c66a
- SHA1
  
  e7e4a72fb5924051a41155044f03f55aaa304266
- SHA256
  
  3619fec40668b5c713499b9c451e428fb1c022bda4a24dd9fc3f62e0cc017b4d
- SHA512
  
  ea5827ace763562a502bd32c70df807c570f467eca5e79138bf7a66bb658049cfcd1d9b21e75e692c2a6d4b92e66636cd051138b223194921d1a8dfa061289c9
Score

10^/10

gandcrab backdoor ransomware spyware stealer suricata
- GandCrab Payload
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
  suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
  suricata
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2