General
- Target: 1daa1191a512b98c239bd288e26e52f1ab488c9c7da1e41b76f5f1bb5469b5e4
- Size: 97KB
- Sample: 220708-vcjxqaagcj
- MD5: cabe7d06f7e01ce4defeb28cbef8f6b4
- SHA1: 5181421e8d79ec937e8c6f30e429f697c0094375
- SHA256: 1daa1191a512b98c239bd288e26e52f1ab488c9c7da1e41b76f5f1bb5469b5e4
- SHA512: 7d0b344f9decdbc63189ae83767e18395e76fd9030860ce9ca714e38ce1ecc5908f9bb41894282ded4c1c85d02e224037b5c8889895b8a9bb8f4c285b8a24795
Static task: static1
Behavioral task: behavioral1
- Sample: 1daa1191a512b98c239bd288e26e52f1ab488c9c7da1e41b76f5f1bb5469b5e4.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 1daa1191a512b98c239bd288e26e52f1ab488c9c7da1e41b76f5f1bb5469b5e4.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted from C:\OTDNSG-MANUAL.txt
- Family: gandcrab
- Tor URL: http://gandcrabmfe6mnef.onion/f8dab462190a85f1
Extracted from C:\KKZGZC-MANUAL.txt
- Family: gandcrab
- Tor URL: http://gandcrabmfe6mnef.onion/18cabac32c27d24
Both configs were recovered from dropped ransom notes rather than from the binary itself. The notes share the onion host and differ only in the random six-letter prefix of the file name (GandCrab v5 names its note <EXT>-MANUAL.txt, where EXT is the per-infection extension appended to encrypted files) and in the trailing path token of the URL, which is generated per run.
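The config block above comes from the dropped notes, so a note parser is all that is needed to reproduce it outside the sandbox. The following is an added example, not part of the report or of the sandbox tooling: it derives the per-host extension from the note's file name and pulls the Tor URL out of the body, running over constructed stand-ins for the two notes. The note wording, the decoy readme.txt, and the reading of the URL path as a per-victim token are assumptions; only the file names and URLs are from the report.

```python
import re
from pathlib import PureWindowsPath

# Constructed stand-ins for the two dropped notes listed above. Only the file
# names and the .onion URLs are taken from the report; the surrounding text is
# an invented placeholder, not the real GandCrab note.
SAMPLE_NOTES = {
    r"C:\OTDNSG-MANUAL.txt": (
        "All your files have been encrypted.\n"
        "Open this address in the Tor browser: "
        "http://gandcrabmfe6mnef.onion/f8dab462190a85f1\n"
    ),
    r"C:\KKZGZC-MANUAL.txt": (
        "All your files have been encrypted.\n"
        "Open this address in the Tor browser: "
        "http://gandcrabmfe6mnef.onion/18cabac32c27d24\n"
        "Mirror: http://gandcrabmfe6mnef.onion/18cabac32c27d24\n"  # repeated on purpose
    ),
    # unrelated dropped text file: must be ignored, not parsed as a note
    r"C:\Users\alice\Desktop\readme.txt": "meeting at 10, bring the slides",
}

# GandCrab names its note <EXT>-MANUAL.txt, where EXT is the random
# extension appended to encrypted files on that host.
NOTE_NAME_RE = re.compile(r"^([A-Za-z]{4,10})-MANUAL\.txt$")
# v2 onion hosts are 16 base32 chars, v3 hosts are 56. The trailing path
# token is assumed here to be a per-victim identifier.
ONION_URL_RE = re.compile(
    r"https?://([a-z2-7]{16}|[a-z2-7]{56})\.onion(/[0-9a-f]+)?", re.IGNORECASE
)


def parse_note(path, text):
    """Return the configuration recoverable from one dropped file, or None
    when the file name or contents do not look like a note of this family."""
    name_match = NOTE_NAME_RE.match(PureWindowsPath(path).name)
    if name_match is None:
        return None
    matches = list(ONION_URL_RE.finditer(text))
    if not matches:
        return None
    urls = []
    for m in matches:  # keep order, drop duplicates
        if m.group(0) not in urls:
            urls.append(m.group(0))
    first = matches[0]
    return {
        "family": "gandcrab" if "gandcrab" in first.group(1).lower() else "unknown",
        "extension": name_match.group(1),
        "tor_urls": urls,
        "url_token": first.group(2).lstrip("/") if first.group(2) else None,
    }


def extract_configs(dropped_files):
    """Run parse_note over a {path: contents} mapping of dropped files."""
    configs = []
    for path, text in dropped_files.items():
        cfg = parse_note(path, text)
        if cfg is not None:
            configs.append(cfg)
    return configs


if __name__ == "__main__":
    for cfg in extract_configs(SAMPLE_NOTES):
        print(cfg)
```

Matching on the file name before looking for a URL keeps the extractor from treating every dropped text file that happens to mention an onion address as a note, and the extension it returns is the value to pivot on when hunting for the renamed user files on the host.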
Targets
- Target: 1daa1191a512b98c239bd288e26e52f1ab488c9c7da1e41b76f5f1bb5469b5e4 (97KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence. GandCrab is known to skip hosts with Russian and other CIS locales, so this check is consistent with the family.
- Drops startup file: writes a file into a Startup folder so that it runs again at the next logon.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry: writes the Wallpaper value under HKCU\Control Panel\Desktop.
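The signatures above are behaviours that show up in host telemetry as well as in the sandbox. As an added example, not from the report or the sandbox, the following heuristics replay four of them over constructed Sysmon-style file and registry events and add the correlation an analyst would otherwise check by hand: the prefix of the dropped <EXT>-MANUAL.txt note equals the suffix appended to the renamed user files. All paths, the event layout and the names updater.exe and wall.bmp are invented; only the .OTDNSG suffix and the note name come from the report.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

USER_ROOT = "c:\\users\\"
STARTUP_DIR = "\\microsoft\\windows\\start menu\\programs\\startup\\"
WALLPAPER_VALUE = "hkcu\\control panel\\desktop\\wallpaper"
NOTE_RE = re.compile(r"^([A-Za-z]{4,10})-MANUAL\.txt$")
DRIVE_ROOT_RE = re.compile(r"^([A-Za-z]):\\$")

# Constructed telemetry, loosely modelled on Sysmon file and registry events.
# The .OTDNSG suffix and the note name come from the report; every path,
# file name and the event layout are invented for this example.
EVENTS = [
    {"op": "rename", "src": r"C:\Users\alice\Documents\budget.xlsx", "dst": r"C:\Users\alice\Documents\budget.xlsx.OTDNSG"},
    {"op": "rename", "src": r"C:\Users\alice\Documents\notes.docx", "dst": r"C:\Users\alice\Documents\notes.docx.OTDNSG"},
    {"op": "rename", "src": r"C:\Users\alice\Pictures\cat.jpg", "dst": r"C:\Users\alice\Pictures\cat.jpg.OTDNSG"},
    {"op": "rename", "src": r"C:\Users\alice\Desktop\todo.txt", "dst": r"C:\Users\alice\Desktop\todo.txt.OTDNSG"},
    {"op": "rename", "src": r"C:\Users\alice\Music\song.mp3", "dst": r"C:\Users\alice\Music\song.mp3.OTDNSG"},
    # a plain extension change is ordinary user activity, not an appended suffix
    {"op": "rename", "src": r"C:\Users\alice\Desktop\draft.txt", "dst": r"C:\Users\alice\Desktop\draft.md"},
    # outside a user profile: ignored by the user-file heuristic
    {"op": "rename", "src": r"C:\Temp\a.log", "dst": r"C:\Temp\a.log.OTDNSG"},
    {"op": "open", "path": "D:\\"},
    {"op": "open", "path": "E:\\"},
    {"op": "open", "path": "C:\\"},
    {"op": "create", "path": r"C:\OTDNSG-MANUAL.txt"},
    {"op": "create", "path": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe"},
    {"op": "regset", "key": r"HKCU\Control Panel\Desktop", "value": "Wallpaper", "data": r"C:\Users\alice\AppData\Local\Temp\wall.bmp"},
]


def appended_suffixes(events):
    """Count, per suffix, the renames under the user profile root that turned
    <name> into <name>.<SUFFIX>, the shape file-encrypting ransomware leaves."""
    counts = Counter()
    for e in events:
        if e["op"] != "rename":
            continue
        src, dst = e["src"].lower(), e["dst"].lower()
        if not src.startswith(USER_ROOT):
            continue
        tail = dst[len(src) + 1:]
        if dst.startswith(src + ".") and tail and "." not in tail and "\\" not in tail:
            counts[e["dst"][len(src) + 1:]] += 1  # keep the suffix's original case
    return counts


def detect(events, min_renames=5):
    """Map the events onto the sandbox signatures; returns only those that fired."""
    hits = {}
    suffixes = appended_suffixes(events)
    mass = {s: n for s, n in suffixes.items() if n >= min_renames}
    if mass:
        hits["modifies_user_file_extensions"] = mass
    notes, drives = [], []
    for e in events:
        if e["op"] == "create":
            m = NOTE_RE.match(PureWindowsPath(e["path"]).name)
            if m:
                notes.append(m.group(1))
            if STARTUP_DIR in e["path"].lower():
                hits["drops_startup_file"] = e["path"]
        elif e["op"] == "open":
            m = DRIVE_ROOT_RE.match(e["path"])
            if m and m.group(1).upper() != "C":
                drives.append(m.group(1).upper())
        elif e["op"] == "regset":
            if (e["key"] + "\\" + e["value"]).lower() == WALLPAPER_VALUE:
                hits["sets_wallpaper_via_registry"] = e["data"]
    if drives:
        hits["enumerates_connected_drives"] = drives
    # A note prefix that equals the appended suffix ties the two events to one
    # actor; either event on its own is weak evidence, the pair is not.
    linked = [n for n in notes if n in suffixes]
    if linked:
        hits["ransom_note_matches_extension"] = linked
    return hits


if __name__ == "__main__":
    for name, detail in detect(EVENTS).items():
        print(f"{name}: {detail}")
```

The rename threshold is deliberately a parameter: a single user renaming a handful of files is normal, whereas the same suffix appended to many files under the profile root within one process's activity is not. The location check from the signature list is not modelled here because it is a registry read, which ordinary telemetry rarely records.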