General
Target: 2e818946ec3ef46b1274aa212fdf73c2214ea00f8db0533cbc4fba353a60ce5a
Size: 98KB
Sample: 220707-yxtt7sccc7
MD5: eae1d32442fadc2b737837adada39c54
SHA1: 3779ec749f00515e31eb4fff4ae8205f44a6ea80
SHA256: 2e818946ec3ef46b1274aa212fdf73c2214ea00f8db0533cbc4fba353a60ce5a
SHA512: 52151027c9ee32466ac34852ac9eec07a06fedab15309ef3a4d3b4138e39b7856dbb798e3b222a4cab8242532e8066001d785c64856830ee1d902139a7c666f0
Static task: static1
Behavioral task: behavioral1
Sample: 2e818946ec3ef46b1274aa212fdf73c2214ea00f8db0533cbc4fba353a60ce5a.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 2e818946ec3ef46b1274aa212fdf73c2214ea00f8db0533cbc4fba353a60ce5a.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Path: C:\QXHJI-DECRYPT.txt
Family: gandcrab
URL: http://gandcrabmfe6mnef.onion/6523c40b5cc87b87
Extracted
Path: C:\CKTJOXFSMH-DECRYPT.txt
Family: gandcrab
URL: http://gandcrabmfe6mnef.onion/b7b0a78289b6c66
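The two extracted configs above are the kind of artefact an incident responder hunts for on a suspect host. The following is an added example, not part of the sandbox report or of any vendor tooling: a small triage script that walks a directory tree, finds GandCrab-style ransom notes named <RANDOM>-DECRYPT.txt, pulls the .onion payment URL out of each note, counts the files carrying the matching random extension (in GandCrab 5.x the note prefix is the extension appended to encrypted files), and hashes every other file against the sample hashes listed in the report. The note bodies and victim files created by build_demo_tree() are constructed for this demo; only the note names, onion URLs and sample hashes come from the report.

```python
"""
Added example (not from the sandbox report): triage helper for GandCrab
ransom notes and sample hashes. Demo data in build_demo_tree() is constructed.
"""
import hashlib
import os
import re
import tempfile
from collections import Counter

# Sample hashes as listed in the report (MD5, SHA1, SHA256 of the 98KB .exe).
SAMPLE_HASHES = {
    "md5": "eae1d32442fadc2b737837adada39c54",
    "sha1": "3779ec749f00515e31eb4fff4ae8205f44a6ea80",
    "sha256": "2e818946ec3ef46b1274aa212fdf73c2214ea00f8db0533cbc4fba353a60ce5a",
}

# <5-10 uppercase letters>-DECRYPT.txt, e.g. QXHJI-DECRYPT.txt, CKTJOXFSMH-DECRYPT.txt
NOTE_NAME = re.compile(r"^([A-Z]{5,10})-DECRYPT\.txt$")
# v2 (16 char) or v3 (56 char) onion host followed by the per-victim hex path
ONION_URL = re.compile(r"https?://[a-z2-7]{16,56}\.onion/[0-9a-f]+", re.I)


def parse_note(text):
    """Return the distinct onion URLs found in a ransom note body, sorted."""
    return sorted(set(ONION_URL.findall(text)))


def hash_file(path):
    """Compute MD5/SHA1/SHA256 of a file in one pass, keyed like SAMPLE_HASHES."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def triage(root):
    """
    Walk root and return (notes, encrypted, sample_hits):
      notes       - {note_path: (random_prefix, [onion urls])}
      encrypted   - {prefix: number of files whose last extension is that prefix}
      sample_hits - paths whose SHA256 equals the report's sample hash
    """
    notes, ext_counts, sample_hits = {}, Counter(), []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            m = NOTE_NAME.match(name)
            if m:
                with open(path, encoding="utf-8", errors="replace") as f:
                    notes[path] = (m.group(1), parse_note(f.read()))
                continue
            ext_counts[name.rsplit(".", 1)[-1]] += 1
            if hash_file(path)["sha256"] == SAMPLE_HASHES["sha256"]:
                sample_hits.append(path)
    # GandCrab 5.x: the note prefix is the extension appended to encrypted files
    encrypted = {prefix: ext_counts.get(prefix, 0) for prefix, _ in notes.values()}
    return notes, encrypted, sample_hits


def build_demo_tree():
    """Create a throwaway directory mimicking the report's artefacts (constructed data)."""
    root = tempfile.mkdtemp(prefix="gandcrab-demo-")
    # Note names and URLs are from the report; the note text itself is made up.
    for prefix, url in (("QXHJI", "http://gandcrabmfe6mnef.onion/6523c40b5cc87b87"),
                        ("CKTJOXFSMH", "http://gandcrabmfe6mnef.onion/b7b0a78289b6c66")):
        with open(os.path.join(root, f"{prefix}-DECRYPT.txt"), "w", encoding="utf-8") as f:
            f.write(f"Your files are encrypted. Visit {url} using Tor Browser.\n")
    docs = os.path.join(root, "Documents")
    os.mkdir(docs)
    for i in range(3):  # three "encrypted" files carrying the QXHJI extension
        with open(os.path.join(docs, f"report{i}.docx.QXHJI"), "wb") as f:
            f.write(b"\x00" * 32)
    open(os.path.join(docs, "untouched.txt"), "wb").close()  # empty decoy file
    return root


if __name__ == "__main__":
    found_notes, found_encrypted, found_hits = triage(build_demo_tree())
    for note_path, (prefix, urls) in found_notes.items():
        print(f"{note_path}: prefix={prefix} urls={urls}")
    print("encrypted files per extension:", found_encrypted)
    print("files matching the sample SHA256:", found_hits)
```

The hash match will only fire on a host that still holds the dropped binary, so the ransom-note and extension evidence is usually what confirms the family; the onion path after the host is per victim, which is why the two notes in the report carry different values.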
Targets
Target: 2e818946ec3ef46b1274aa212fdf73c2214ea00f8db0533cbc4fba353a60ce5a
Size: 98KB
MD5: eae1d32442fadc2b737837adada39c54
SHA1: 3779ec749f00515e31eb4fff4ae8205f44a6ea80
SHA256: 2e818946ec3ef46b1274aa212fdf73c2214ea00f8db0533cbc4fba353a60ce5a
SHA512: 52151027c9ee32466ac34852ac9eec07a06fedab15309ef3a4d3b4138e39b7856dbb798e3b222a4cab8242532e8066001d785c64856830ee1d902139a7c666f0
Score: 10/10

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence to avoid running on hosts in certain countries.

Drops startup file
Writes a file into a Startup folder so that it is launched again at the next user logon.

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Sets desktop wallpaper using registry
Changes the wallpaper value under the Control Panel\Desktop registry key, a common way for ransomware to display its ransom message.
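The five signatures above are each a simple rule over the process's file and registry activity. As an added example, not the sandbox's own detection code or trace, here is a Python implementation of those rules over a constructed event log. The log format (event|path|value) and the events in SAMPLE_EVENTS are made up for the demo; the registry path used for the location check (Control Panel\International\Geo) is an assumption about which key "country code configured in the registry" refers to, and the threshold of three renames before calling it mass encryption is likewise a chosen value, not one taken from the report.

```python
"""
Added example (not from the sandbox report): the report's five behavioural
signatures as rules over a constructed event log. Format: kind|path|value.
"""
import re
from collections import Counter

MIN_RENAMES = 3  # renames to one new extension before we call it mass encryption (chosen value)
DRIVE_ROOT = re.compile(r"^([A-Z]):\\$", re.I)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo", re.I)  # assumption, see lead-in
WALLPAPER_VALUE = re.compile(r"\\Control Panel\\Desktop\\Wallpaper$", re.I)
USER_PROFILE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\", re.I)

# Constructed sample trace, roughly in the order a ransomware run would produce it.
SAMPLE_EVENTS = r"""
RegistryQuery|HKCU\Control Panel\International\Geo\Nation|
DirectoryQuery|C:\|
DirectoryQuery|D:\|
DirectoryQuery|E:\|
FileRename|C:\Users\alice\Documents\q1.xlsx|C:\Users\alice\Documents\q1.xlsx.QXHJI
FileRename|C:\Users\alice\Documents\notes.docx|C:\Users\alice\Documents\notes.docx.QXHJI
FileRename|C:\Users\alice\Pictures\cat.jpg|C:\Users\alice\Pictures\cat.jpg.QXHJI
FileCreate|C:\Users\alice\Documents\QXHJI-DECRYPT.txt|
FileCreate|C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QXHJI.lnk|
RegistrySet|HKCU\Control Panel\Desktop\Wallpaper|C:\Users\alice\AppData\Local\Temp\wall.bmp
""".strip().splitlines()


def parse_event(line):
    """Split one 'kind|path|value' line; value is the rename target or registry data."""
    kind, path, value = line.split("|", 2)
    return kind, path, value


def new_extension(src, dst):
    """Return the extension appended by a rename like a.docx -> a.docx.QXHJI, else None."""
    if dst.startswith(src + ".") and "." not in dst[len(src) + 1:]:
        return dst[len(src) + 1:]
    return None


def evaluate(lines):
    """Map each report signature name to the evidence that fired it (empty list if it did not)."""
    events = [parse_event(line) for line in lines if line.strip()]
    ext_counts = Counter()
    hits = {
        "Modifies extensions of user files": [],
        "Checks computer location settings": [],
        "Drops startup file": [],
        "Enumerates connected drives": [],
        "Sets desktop wallpaper using registry": [],
    }
    for kind, path, value in events:
        if kind == "FileRename" and USER_PROFILE.match(path):
            ext = new_extension(path, value)
            if ext:
                ext_counts[ext] += 1
        elif kind == "RegistryQuery" and GEO_KEY.search(path):
            hits["Checks computer location settings"].append(path)
        elif kind == "FileCreate" and STARTUP_DIR.search(path):
            hits["Drops startup file"].append(path)
        elif kind == "DirectoryQuery":
            m = DRIVE_ROOT.match(path)
            if m and m.group(1).upper() != "C":
                hits["Enumerates connected drives"].append(path)
        elif kind == "RegistrySet" and WALLPAPER_VALUE.search(path):
            hits["Sets desktop wallpaper using registry"].append(value)
    # One renamed file is normal; many files gaining the same new extension is not.
    for ext, n in ext_counts.items():
        if n >= MIN_RENAMES:
            hits["Modifies extensions of user files"].append(f".{ext} x{n}")
    return hits


def fired(lines):
    """Names of the signatures that fired, in the report's order."""
    return [name for name, evidence in evaluate(lines).items() if evidence]


if __name__ == "__main__":
    for name, evidence in evaluate(SAMPLE_EVENTS).items():
        print(f"{'HIT ' if evidence else 'miss'} {name}: {evidence}")
```

The extension rule is the only one that needs a count: a single rename to a new suffix is ordinary user activity, so it is the repetition of one random suffix across many user files that carries the signal, which is also why the report's extracted note prefixes (QXHJI, CKTJOXFSMH) are useful as the extension to look for on disk.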