General
Target: 41fb0d5abfce450b71c05c46fe04ea03c31264c7474832d9979dbb1d03865629
Size: 686KB
Sample: 220708-ej5vrsaeh9
MD5: efa2a4323f392f4200b1955e61c8faa9
SHA1: 1c2ff80ad2942b508c9e410a1403ee8ec05bf6b7
SHA256: 41fb0d5abfce450b71c05c46fe04ea03c31264c7474832d9979dbb1d03865629
SHA512: 9c4253d4062dc43c4dfc18c0a49bafb9fc74bab4ced012404f7d9996204784bf684e2810abfa81fcc48ccea780f08600d67ab3b0a41ce867d09399e5c162e788
Static task
static1

Behavioral task
behavioral1
Sample: 41fb0d5abfce450b71c05c46fe04ea03c31264c7474832d9979dbb1d03865629.exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: 41fb0d5abfce450b71c05c46fe04ea03c31264c7474832d9979dbb1d03865629.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Path: C:\ODFGEIT-MANUAL.txt
Family: gandcrab
URL: http://gandcrabmfe6mnef.onion/85004426a53c29ec

Extracted
Path: C:\WHIRMP-MANUAL.txt
Family: gandcrab
URL: http://gandcrabmfe6mnef.onion/c547bbe5e6e70bed
Targets
Target: 41fb0d5abfce450b71c05c46fe04ea03c31264c7474832d9979dbb1d03865629
Size: 686KB
MD5: efa2a4323f392f4200b1955e61c8faa9
SHA1: 1c2ff80ad2942b508c9e410a1403ee8ec05bf6b7
SHA256: 41fb0d5abfce450b71c05c46fe04ea03c31264c7474832d9979dbb1d03865629
SHA512: 9c4253d4062dc43c4dfc18c0a49bafb9fc74bab4ced012404f7d9996204784bf684e2810abfa81fcc48ccea780f08600d67ab3b0a41ce867d09399e5c162e788
Score: 10/10
Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.

Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.

Drops startup file

Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.

Sets desktop wallpaper using registry