General
Target: 46931155a427d71e4f93e08f8c263659ef6364b6207672d6d412cd0d1c05894e
Size: 645KB
Sample: 220707-j9la9sagf7
MD5: aba2bc26eaf4cda5216ad5706fe4c7da
SHA1: e50f8336bd82b31ba1dec310215b8815a5ea998d
SHA256: 46931155a427d71e4f93e08f8c263659ef6364b6207672d6d412cd0d1c05894e
SHA512: 4654becebcd41e2884b7121f45942740986e443bdacb54a16ac241a5b070d41d4de43444a11c353fddbd0728194e48ca947cbf7c55fc77052b3035487aa205ca
Static task: static1
Behavioral task: behavioral1
Sample: 46931155a427d71e4f93e08f8c263659ef6364b6207672d6d412cd0d1c05894e.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 46931155a427d71e4f93e08f8c263659ef6364b6207672d6d412cd0d1c05894e.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted from: C:\WOQXZFFQOD-MANUAL.txt
Family: gandcrab
URL: http://gandcrabmfe6mnef.onion/60bf70a4ebd0784
Extracted from: C:\DDOUTYF-MANUAL.txt
Family: gandcrab
URL: http://gandcrabmfe6mnef.onion/dfab892997f99513
Targets
Target: 46931155a427d71e4f93e08f8c263659ef6364b6207672d6d412cd0d1c05894e
Score: 10/10
Signatures:
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence check.
- Drops startup file
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
- Suspicious use of SetThreadContext