General
Target: 3575cc26ec8d3dd669946f9156ace7eaecca470525d6af8402d0688513cd6992
Size: 171KB
Sample: 220627-aexalsfgep
MD5: 0841db4bef7227c34bc9d8bcbc931410
SHA1: 473d3950f379a4a7c36f799c7e52929b2ff11acb
SHA256: 3575cc26ec8d3dd669946f9156ace7eaecca470525d6af8402d0688513cd6992
SHA512: de06093dd3f330ab55762f67f9bf9827bb751136b47ecb1f5ccd7484a909661c8d8337a533cb34abbf74b8b8e1a25845970639ff66733dd3839046b1c16b0869
Static task: static1
Behavioral task: behavioral1
  Sample: 3575cc26ec8d3dd669946f9156ace7eaecca470525d6af8402d0688513cd6992.exe
  Resource: win7-20220414-en (Windows 7 analysis image)
Behavioral task: behavioral2
  Sample: 3575cc26ec8d3dd669946f9156ace7eaecca470525d6af8402d0688513cd6992.exe
  Resource: win10v2004-20220414-en (Windows 10 2004 analysis image)
Malware Config
Extracted from: C:\LPGSFN-MANUAL.txt
  Family: gandcrab
  URL: http://gandcrabmfe6mnef.onion/bfac015bc07d021a
Extracted from: C:\PTOEC-MANUAL.txt
  Family: gandcrab
  URL: http://gandcrabmfe6mnef.onion/4cdb78e46fa14b6d
The two notes come from the two behavioral runs. The onion host is the same in both and is the indicator worth sharing; the note-name prefix (the extension appended to encrypted files) and the path segment after the host are generated per infection and differ between the runs, so they should not be used as standalone IOCs.
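The extraction above can be reproduced from the notes on disk. The following is an added example written for this page, not sandbox code: it parses a GandCrab ransom note by file name and by the payment URL inside it, then splits the result into the stable indicator (the onion host) and the per-victim parts. The note bodies are constructed (only the two URLs and file names are taken from the report), and the 16-hex-character victim-id length is an assumption based on the two values shown.

```python
import re
from pathlib import PureWindowsPath

# Per-victim payment URL as extracted on this report: a gandcrab*.onion host plus a
# 16-hex-character path segment. Both page values have this shape; the fixed length
# is an assumption taken from them.
URL_RE = re.compile(r"https?://(gandcrab[a-z0-9]+\.onion)/([0-9a-f]{16})\b")
# Note file name: random upper-case extension prefix, then -MANUAL.txt.
NOTE_NAME_RE = re.compile(r"^([A-Z]{4,12})-MANUAL\.txt$")

# Constructed note bodies (not the real ransom-note text). They embed the two URLs the
# sandbox extracted so the parser can be exercised offline; the third file is noise.
SAMPLE_NOTES = {
    r"C:\LPGSFN-MANUAL.txt": (
        "Your files are encrypted.\n"
        "Visit http://gandcrabmfe6mnef.onion/bfac015bc07d021a using Tor.\n"
    ),
    r"C:\PTOEC-MANUAL.txt": (
        "Your files are encrypted.\n"
        "Visit http://gandcrabmfe6mnef.onion/4cdb78e46fa14b6d using Tor.\n"
    ),
    r"C:\Users\alice\readme.txt": "Meeting notes, nothing to see here.\n",
}


def parse_gandcrab_note(path, text):
    """Return the indicators carried by one note, or None if it is not a GandCrab note."""
    name_match = NOTE_NAME_RE.match(PureWindowsPath(path).name)
    url_match = URL_RE.search(text)
    if name_match is None or url_match is None:
        return None
    return {
        "family": "gandcrab",
        "note": path,
        "extension": name_match.group(1),   # appended to every encrypted file
        "host": url_match.group(1),         # stable across infections
        "victim_id": url_match.group(2),    # unique to this infection
        "url": url_match.group(0),
    }


def extract_all(notes):
    """Run the parser over a {path: text} mapping and keep only real hits."""
    hits = (parse_gandcrab_note(path, text) for path, text in notes.items())
    return [h for h in hits if h is not None]


def split_indicators(results):
    """Separate what can be shared as a stable IOC from what is per-victim."""
    return {
        "stable": sorted({r["host"] for r in results}),
        "per_victim": sorted((r["extension"], r["victim_id"]) for r in results),
    }


if __name__ == "__main__":
    found = extract_all(SAMPLE_NOTES)
    for hit in found:
        print(hit)
    print(split_indicators(found))
```

On a real host, feed `extract_all` a mapping built by globbing for `*-MANUAL.txt` and reading each file as text; the parser ignores anything that does not match both the name and the URL pattern, so stray text files do not produce false hits.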
Targets
Target: 3575cc26ec8d3dd669946f9156ace7eaecca470525d6af8402d0688513cd6992 (hashes as listed under General)
Size
171KB
-
MD5
0841db4bef7227c34bc9d8bcbc931410
-
SHA1
473d3950f379a4a7c36f799c7e52929b2ff11acb
-
SHA256
3575cc26ec8d3dd669946f9156ace7eaecca470525d6af8402d0688513cd6992
-
SHA512
de06093dd3f330ab55762f67f9bf9827bb751136b47ecb1f5ccd7484a909661c8d8337a533cb34abbf74b8b8e1a25845970639ff66733dd3839046b1c16b0869
Score: 10/10
Signatures
Modifies extensions of user files: ransomware generally appends or replaces the extension on the files it has encrypted. For this family the prefix of the ransom-note name (LPGSFN, PTOEC) is the extension the run appended.
Checks computer location settings: reads the country or locale code configured in the registry, likely as a geofence; GandCrab is known to exit without encrypting on systems with Russian and other CIS locales.
Drops startup file: writes a file into a Startup folder so it is launched again at the next logon (persistence).
Enumerates connected drives: attempts to read the root path of drives other than the default C: drive, typical of ransomware looking for further volumes to encrypt.
Sets desktop wallpaper using registry: changes the wallpaper value under HKCU\Control Panel\Desktop, the usual way ransomware puts its ransom message on screen.
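The signatures above describe host artefacts an incident responder can look for after the fact. The following is an added example for this page, not sandbox or GandCrab code: it checks a host snapshot (file listing plus a couple of registry values) for the traces behind four of the five signatures, learning the appended extension from the ransom-note names rather than hard-coding it. The snapshot is constructed; only the note name LPGSFN-MANUAL.txt and the signature names come from the report, and the user paths, startup file name and wallpaper paths are illustrative. The locale check leaves no file-system trace and is deliberately not scored.

```python
import re
from pathlib import PureWindowsPath

# Ransom-note name as seen on this report (LPGSFN-MANUAL.txt, PTOEC-MANUAL.txt): the
# upper-case prefix is the extension the sample appended to encrypted files.
NOTE_RE = re.compile(r"^([A-Z]{4,12})-MANUAL\.txt$")
# Per-user Startup folder and wallpaper value; both are standard Windows locations.
STARTUP_DIR = r"\Microsoft\Windows\Start Menu\Programs\Startup"
WALLPAPER_VALUE = r"HKCU\Control Panel\Desktop\Wallpaper"

# Constructed post-infection snapshot. Only the note name comes from the sandbox run;
# user paths, the startup file name and the wallpaper path are illustrative.
SNAPSHOT = {
    "files": [
        r"C:\LPGSFN-MANUAL.txt",
        r"C:\Users\alice\Documents\budget.xlsx.LPGSFN",
        r"C:\Users\alice\Documents\LPGSFN-MANUAL.txt",
        r"C:\Users\alice\Documents\untouched.txt",
        r"C:\Users\alice\Pictures\cat.jpg.LPGSFN",
        r"C:\Users\alice\Pictures\LPGSFN-MANUAL.txt",
        r"C:\Users\alice\AppData\Roaming" + STARTUP_DIR + r"\update.exe",
        r"D:\share\plan.docx.LPGSFN",
    ],
    "registry": {WALLPAPER_VALUE: r"C:\Users\alice\AppData\Local\Temp\note.bmp"},
}
# Wallpaper value recorded before the incident (constructed baseline).
BASELINE_WALLPAPER = r"C:\Windows\Web\Wallpaper\Windows\img0.jpg"


def triage(snapshot, baseline_wallpaper):
    """Check a host snapshot for the artefacts behind the report's behaviour signatures."""
    paths = [PureWindowsPath(f) for f in snapshot["files"]]
    notes = [p for p in paths if NOTE_RE.match(p.name)]
    # Extensions are learned from the notes rather than hard-coded: the sample picks a
    # new random one per infection (the two sandbox runs produced LPGSFN and PTOEC).
    exts = {NOTE_RE.match(p.name).group(1) for p in notes}
    encrypted = [p for p in paths if p.suffix.lstrip(".") in exts]
    drives = sorted({p.drive for p in encrypted})
    startup = [p for p in paths if STARTUP_DIR.lower() in str(p).lower()]
    wallpaper = snapshot["registry"].get(WALLPAPER_VALUE)
    findings = {
        "ransom_notes": [str(p) for p in notes],
        "extensions": sorted(exts),
        "encrypted_files": [str(p) for p in encrypted],
        "drives_hit": drives,
        "startup_files": [str(p) for p in startup],
        "wallpaper_changed": wallpaper is not None and wallpaper != baseline_wallpaper,
    }
    # Map artefacts back to the signature names used on the report. Drive enumeration is
    # inferred from encrypted files on a drive other than C:.
    findings["matched_signatures"] = [
        name
        for name, hit in [
            ("Modifies extensions of user files", bool(encrypted)),
            ("Drops startup file", bool(startup)),
            ("Enumerates connected drives", any(d.upper() != "C:" for d in drives)),
            ("Sets desktop wallpaper using registry", findings["wallpaper_changed"]),
        ]
        if hit
    ]
    return findings


if __name__ == "__main__":
    for key, value in triage(SNAPSHOT, BASELINE_WALLPAPER).items():
        print(f"{key}: {value}")
```

To run this against a live Windows host, build `files` from a recursive directory walk and read the wallpaper value with `winreg` (or `Get-ItemProperty 'HKCU:\Control Panel\Desktop'` in PowerShell); the baseline wallpaper should come from a known-good image or an earlier inventory, since a changed wallpaper alone is only weak evidence.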