General
- Target: 60e55ca2aeeeacc6428a1e9c1b43742009a8f50807bbebee0d1527ba155268b8.exe
- Size: 444KB
- Sample: 240726-dzm48atdrq
- MD5: ef6da88c6be6fb9b3da57d60ba73fc42
- SHA1: d91a8cdf950085dd1eff243452ff41d165baad3f
- SHA256: 60e55ca2aeeeacc6428a1e9c1b43742009a8f50807bbebee0d1527ba155268b8
- SHA512: 15ebe4b168b34fcbef387fc87fbdda37b68cd16b24f5d03aa609725fc20dd0ad9f251c57d9527378a33ad15d258b0bff8ac4e350bdcc76c673de7d9711dc5dbb
- SSDEEP: 6144:0UGV83D35bJrqV2L/E0tA+j16kUef5Nj1mB9WjEw0tzMVv:nvmVe9h1qEtkBzw0tQ
Static task: static1
Behavioral task: behavioral1
- Sample: 60e55ca2aeeeacc6428a1e9c1b43742009a8f50807bbebee0d1527ba155268b8.exe
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 60e55ca2aeeeacc6428a1e9c1b43742009a8f50807bbebee0d1527ba155268b8.exe
- Resource: win10v2004-20240709-en
Malware Config
Extracted
- Path: F:\$RECYCLE.BIN\S-1-5-21-2958949473-3205530200-1453100116-1000\OVYRT-DECRYPT.txt
- URL: http://gandcrabmfe6mnef.onion/2f012ef589d6ac51
Extracted
- Path: C:\$Recycle.Bin\KIPCAIE-DECRYPT.txt
- URL: http://gandcrabmfe6mnef.onion/d3d51b22999174dc
Targets
- Target: 60e55ca2aeeeacc6428a1e9c1b43742009a8f50807bbebee0d1527ba155268b8.exe
- Size: 444KB
- MD5: ef6da88c6be6fb9b3da57d60ba73fc42
- SHA1: d91a8cdf950085dd1eff243452ff41d165baad3f
- SHA256: 60e55ca2aeeeacc6428a1e9c1b43742009a8f50807bbebee0d1527ba155268b8
- SHA512: 15ebe4b168b34fcbef387fc87fbdda37b68cd16b24f5d03aa609725fc20dd0ad9f251c57d9527378a33ad15d258b0bff8ac4e350bdcc76c673de7d9711dc5dbb
- SSDEEP: 6144:0UGV83D35bJrqV2L/E0tA+j16kUef5Nj1mB9WjEw0tzMVv:nvmVe9h1qEtkBzw0tQ

Signatures
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
- Renames multiple (292) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry