General
Target: 3619fec40668b5c713499b9c451e428fb1c022bda4a24dd9fc3f62e0cc017b4d
Size: 175KB
Sample: 220626-d9dcrshff3
MD5: 5fa8ad9d232314d906437a9bcaa4c66a
SHA1: e7e4a72fb5924051a41155044f03f55aaa304266
SHA256: 3619fec40668b5c713499b9c451e428fb1c022bda4a24dd9fc3f62e0cc017b4d
SHA512: ea5827ace763562a502bd32c70df807c570f467eca5e79138bf7a66bb658049cfcd1d9b21e75e692c2a6d4b92e66636cd051138b223194921d1a8dfa061289c9
Static task: static1
Behavioral task: behavioral1
Sample: 3619fec40668b5c713499b9c451e428fb1c022bda4a24dd9fc3f62e0cc017b4d.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 3619fec40668b5c713499b9c451e428fb1c022bda4a24dd9fc3f62e0cc017b4d.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted from: C:\KRAB-DECRYPT.txt
URL: http://gandcrabmfe6mnef.onion/fab57563577e6bc
Targets
Target: 3619fec40668b5c713499b9c451e428fb1c022bda4a24dd9fc3f62e0cc017b4d (175KB; MD5, SHA1, SHA256 and SHA512 identical to the values listed under General)
GandCrab Payload
suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
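The following is an added example and not part of the sandbox report or of the analysis platform's own code. It re-implements the two behavioral signatures listed above (drive-root enumeration and mass re-extension of user files) over a constructed file-system event log, pulls the .onion URL out of a constructed ransom-note fragment the way the "Malware Config" extraction does, and adds the hash check a practitioner should run before applying this report's verdicts to a local file. The event log, the note wording, the three-rename threshold and the user-profile path pattern are assumptions made for the example; only the hashes, the note file name and the URL come from the report.

```python
"""Added example (not from the report): signature logic, config extraction
and hash verification for the GandCrab sample described above."""
import hashlib
import ntpath
import re
from collections import Counter

# Hashes copied from the report; a local file must match all of them before
# the report's behavioral findings can be assumed to apply to it.
REPORT_HASHES = {
    "md5": "5fa8ad9d232314d906437a9bcaa4c66a",
    "sha1": "e7e4a72fb5924051a41155044f03f55aaa304266",
    "sha256": "3619fec40668b5c713499b9c451e428fb1c022bda4a24dd9fc3f62e0cc017b4d",
}

# Constructed file-system events in the shape a sandbox logs them. This is
# NOT telemetry from the real sample; backslashes are doubled for Python.
EVENTS = [
    {"op": "CreateFile", "path": "C:\\Users\\victim\\Documents"},
    {"op": "CreateFile", "path": "D:\\"},   # root of a non-default drive
    {"op": "CreateFile", "path": "E:\\"},
    {"op": "CreateFile", "path": "C:\\"},   # default drive root: not a hit
    {"op": "CreateFile", "path": "C:\\Windows\\System32\\ntdll.dll"},
    {"op": "Rename", "path": "C:\\Users\\victim\\Documents\\budget.xlsx",
     "new_path": "C:\\Users\\victim\\Documents\\budget.xlsx.KRAB"},
    {"op": "Rename", "path": "C:\\Users\\victim\\Pictures\\trip.jpg",
     "new_path": "C:\\Users\\victim\\Pictures\\trip.jpg.KRAB"},
    {"op": "Rename", "path": "C:\\Users\\victim\\Desktop\\notes.txt",
     "new_path": "C:\\Users\\victim\\Desktop\\notes.txt.KRAB"},
    # Ordinary rename that keeps its extension: must not count.
    {"op": "Rename", "path": "C:\\Users\\victim\\Desktop\\old.txt",
     "new_path": "C:\\Users\\victim\\Desktop\\new.txt"},
]

# Constructed ransom-note fragment (file C:\KRAB-DECRYPT.txt in the report).
# Only the URL is taken from the report; the wording is made up.
RANSOM_NOTE = (
    "All your files have been encrypted.\n"
    "Visit: http://gandcrabmfe6mnef.onion/fab57563577e6bc\n"
)

DRIVE_ROOT = re.compile(r"^([A-Za-z]):\\?$")
USER_PROFILE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\", re.IGNORECASE)
# v2 (16 chars) or v3 (56 chars) .onion host in the base32 alphabet, optional path.
ONION_URL = re.compile(r"https?://[a-z2-7]{16}(?:[a-z2-7]{40})?\.onion(?:/[^\s\"'<>]*)?")


def enumerated_drives(events, default_drive="C"):
    """'Enumerates connected drives': letters other than the default whose
    bare root path (X: or X:\\) was opened."""
    hits = set()
    for ev in events:
        m = DRIVE_ROOT.match(ev["path"])
        if m and m.group(1).upper() != default_drive.upper():
            hits.add(m.group(1).upper())
    return sorted(hits)


def extension_changes(events):
    """New extensions given to files under a user profile by Rename
    operations; renames that keep their extension are ignored."""
    added = Counter()
    for ev in events:
        if ev["op"] != "Rename" or not USER_PROFILE.match(ev["path"]):
            continue
        old_ext = ntpath.splitext(ev["path"])[1]
        new_ext = ntpath.splitext(ev["new_path"])[1]
        if new_ext and new_ext.lower() != old_ext.lower():
            added[new_ext] += 1
    return added


def modifies_user_file_extensions(events, threshold=3):
    """'Modifies extensions of user files': fires once `threshold` user files
    have received the same new extension (mass re-extension, not one rename)."""
    return any(n >= threshold for n in extension_changes(events).values())


def extract_onion_urls(text):
    """Pull .onion URLs out of a ransom note, as the config extractor does."""
    return sorted(set(ONION_URL.findall(text)))


def file_hashes(data):
    """MD5/SHA-1/SHA-256 of a file's bytes as lower-case hex."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def sample_matches_report(data, expected=REPORT_HASHES):
    """True only if every hash the report lists matches the local file."""
    actual = file_hashes(data)
    return all(actual[k] == v.lower() for k, v in expected.items())


def triage(events, note):
    """Collect the signature hits and extracted config for one run."""
    hits = []
    drives = enumerated_drives(events)
    if drives:
        hits.append("Enumerates connected drives: " + ", ".join(d + ":" for d in drives))
    if modifies_user_file_extensions(events):
        ext, n = extension_changes(events).most_common(1)[0]
        hits.append(f"Modifies extensions of user files: {n} files renamed to *{ext}")
    return {"signatures": hits, "config": extract_onion_urls(note)}


if __name__ == "__main__":
    print(triage(EVENTS, RANSOM_NOTE))
```

Run `sample_matches_report(open(path, "rb").read())` against the file you actually hold before quoting this report for it; a differing MD5 or SHA-256 means a different build, and its behavior and C2 address may differ from what is listed here. The three-rename threshold is deliberately low for the constructed log and should be tuned against benign baselines before use as a detection rule.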