General
-
Target
d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0.zip
-
Size
77KB
-
Sample
230713-c56yvafb67
-
MD5
3c5e11867444692871678c32d60eee99
-
SHA1
d5f0e2737de1f6644b4002f998c9be9438b2dca2
-
SHA256
ae865231cb46dd09afbd0213f6d29d158ae0c1752337ffab880183ea7fe96ed8
-
SHA512
2b8ec68a2691ef4ff637231d8e986bcc6cc645e2ff1607384cee190d472c4f70156732a05d730e9b7a23482cdee2b9156ebdf0d3ac34d4b0a99dea80a9c96bf5
-
SSDEEP
1536:mnTjhSrsq8rJ5WT8comcjKnVEN/ffj+XG6Ow7/+JgtqJ9H6YTHTEEhWHyzM:mTjwrd8rJo0mcOVe/DcOl6YTHA+zM
Malware Config
Targets
-
-
Target
o.bin
-
Size
183KB
-
MD5
07fadb006486953439ce0092651fd7a6
-
SHA1
e42431d37561cc695de03b85e8e99c9e31321742
-
SHA256
d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0
-
SHA512
5b09a07371bb5350b22c78aa3e7e673ba61ce72a964e072749a4633e2c15f416c05953cc6e6f6c586df010aa7f2c9c0ab87a014e4f732e5fdb2d58778a1fb437
-
SSDEEP
3072:Ealy19emgKe0QuYS3UmWuDTEltI3S/7IarDrjCgrQp0M7W:EaqxxDwx/7IS40MS
Score10/10-
Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (260) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (266) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-