General
-
Target
3d6b4312947a3a0f76abd8981c5452dfd26aadaa109d3e200d987f8e903d5ab0
-
Size
208KB
-
Sample
220703-dnw8raehe4
-
MD5
b28e0a994aec0fed8a429852f5f96b69
-
SHA1
ae83fb72418e9ab22722b9ece02f93860b4ffc6c
-
SHA256
3d6b4312947a3a0f76abd8981c5452dfd26aadaa109d3e200d987f8e903d5ab0
-
SHA512
a9031899f7cea9153e9fa3442bfbfd001cd157347828ebcc0dace421f4571464bffac582522b3aecc0297925ec01d6ee4f208cf679ae5987a584ac583db9ac2f
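The Target and Sample names above are just the SHA256 digest, and renaming a file does not change its contents, so the first thing to do with a copy of this sample is to recompute every digest and compare against the report. The size is rounded to 208KB and is not an identity check. The script below is an added example, not part of the sandbox report; the digest values are copied from the General section, and the file path is whatever you saved the sample as.

```python
import hashlib
import sys
from typing import Dict, Iterable, List

# Digests copied from the General section of the report above.
REPORTED_DIGESTS = {
    "md5": "b28e0a994aec0fed8a429852f5f96b69",
    "sha1": "ae83fb72418e9ab22722b9ece02f93860b4ffc6c",
    "sha256": "3d6b4312947a3a0f76abd8981c5452dfd26aadaa109d3e200d987f8e903d5ab0",
    "sha512": (
        "a9031899f7cea9153e9fa3442bfbfd001cd157347828ebcc0dace421f4571464"
        "bffac582522b3aecc0297925ec01d6ee4f208cf679ae5987a584ac583db9ac2f"
    ),
}


def compute_digests(path: str,
                    algorithms: Iterable[str] = tuple(REPORTED_DIGESTS)) -> Dict[str, str]:
    """Hash a file once, feeding every requested algorithm from the same read.

    Reading in 1 MiB chunks keeps memory flat for large samples; all hashers
    see the same bytes, so the digests are guaranteed to describe one file.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(path: str, expected: Dict[str, str]) -> List[str]:
    """Return the algorithms whose digest disagrees with `expected`.

    An empty list means the file on disk is the one the report describes.
    Comparison is case-insensitive because reports and tools differ in hex case.
    """
    actual = compute_digests(path, expected.keys())
    return sorted(
        name for name, want in expected.items()
        if actual[name] != want.strip().lower()
    )


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>  (path is your own)
    sample_path = sys.argv[1]
    mismatches = verify_sample(sample_path, REPORTED_DIGESTS)
    if mismatches:
        print("NOT the reported sample; mismatched:", ", ".join(mismatches))
        sys.exit(1)
    print("All reported digests match:", sample_path)
```

If only one of the four digests disagrees, suspect a transcription error in the report rather than a different file; if all four disagree, you have a different binary regardless of its file name.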
Static task
static1
Behavioral task
behavioral1
Sample
3d6b4312947a3a0f76abd8981c5452dfd26aadaa109d3e200d987f8e903d5ab0.exe
Resource
win7-20220414-en
Malware Config
Extracted
C:\KRAB-DECRYPT.txt
http://gandcrabmfe6mnef.onion/adcaf1adadfc674f
Extracted
C:\KRAB-DECRYPT.txt
http://gandcrabmfe6mnef.onion/b4501dc620c28291
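The two extracted configs share one .onion host but carry different path tokens, so when pulling IOCs from dropped KRAB-DECRYPT.txt notes it pays to record the host and the token separately. The script below is an added example and not part of the sandbox report. The two URLs are the ones extracted above; the surrounding note wording is constructed for the example and is not the real ransom-note text.

```python
import re
from typing import Dict, List

# Constructed stand-ins for the two C:\KRAB-DECRYPT.txt notes listed under
# "Malware Config / Extracted" above. Only the two onion URLs come from the
# report; the surrounding wording is made up and is NOT the real note text.
RUN1_NOTE = (
    "---= GANDCRAB =---\n"
    "Your files have been encrypted.\n"
    "Open this page in Tor Browser: http://gandcrabmfe6mnef.onion/adcaf1adadfc674f\n"
)
RUN2_NOTE = (
    "---= GANDCRAB =---\n"
    "Payment page: http://gandcrabmfe6mnef.onion/b4501dc620c28291.\n"
    "If it does not open, retry http://gandcrabmfe6mnef.onion/b4501dc620c28291 later.\n"
)

# v2 onion hosts are 16 base32 characters, v3 hosts are 56. The optional path
# is limited to URL-safe characters so trailing sentence punctuation (the "."
# after the URL in RUN2_NOTE) is not swallowed into the token.
ONION_URL = re.compile(
    r"https?://(?P<host>(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion)"
    r"(?P<path>/[A-Za-z0-9_-]*)?",
    re.IGNORECASE,
)


def extract_onion_urls(note: str) -> List[Dict[str, str]]:
    """Return the distinct .onion URLs in one note, split into host and token.

    The token is the first path component. It differs between the two notes
    the sandbox extracted, so it is kept apart from the (shared) host.
    """
    found: List[Dict[str, str]] = []
    seen = set()
    for match in ONION_URL.finditer(note):
        url = match.group(0).lower()
        if url in seen:            # the same URL repeated in a note is one IOC
            continue
        seen.add(url)
        path = match.group("path") or ""
        found.append({
            "url": url,
            "host": match.group("host").lower(),
            "token": path.lstrip("/").lower(),
        })
    return found


def summarize_notes(notes: Dict[str, str]) -> Dict[str, object]:
    """Aggregate across runs: the distinct C2 hosts and each run's tokens."""
    hosts = set()
    tokens: Dict[str, List[str]] = {}
    for label, text in notes.items():
        entries = extract_onion_urls(text)
        hosts.update(e["host"] for e in entries)
        tokens[label] = [e["token"] for e in entries]
    return {"hosts": sorted(hosts), "tokens": tokens}


if __name__ == "__main__":
    summary = summarize_notes({"run1": RUN1_NOTE, "run2": RUN2_NOTE})
    print("C2 hosts:", summary["hosts"])
    for label, toks in summary["tokens"].items():
        print(f"{label}: {toks}")
```

Block or hunt on the host; treat the token as a per-run value that is useful for correlating notes found on different machines but not as a network indicator on its own.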
Targets
-
-
Target
3d6b4312947a3a0f76abd8981c5452dfd26aadaa109d3e200d987f8e903d5ab0
-
Size
208KB
-
MD5
b28e0a994aec0fed8a429852f5f96b69
-
SHA1
ae83fb72418e9ab22722b9ece02f93860b4ffc6c
-
SHA256
3d6b4312947a3a0f76abd8981c5452dfd26aadaa109d3e200d987f8e903d5ab0
-
SHA512
a9031899f7cea9153e9fa3442bfbfd001cd157347828ebcc0dace421f4571464bffac582522b3aecc0297925ec01d6ee4f208cf679ae5987a584ac583db9ac2f
-
GandCrab Payload
-
suricata: ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
-
Modifies extensions of user files
Ransomware generally changes the extension of the files it encrypts.
-
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.
-
Drops startup file
-
Enumerates connected drives
Attempts to read the root path of drives other than the default C: drive.
-