General
- Target: c4a88edc19372fb161b492057f1394b2739a79e35e8285430bd7cf0ad62c03a7.exe
- Size: 90KB
- Sample: 240726-gjqrystaqa
- MD5: 96e7ffb9edc2f7592c34a4d841ba566c
- SHA1: d43df00b7a91966ac3e10e324a57d5658f84d88b
- SHA256: c4a88edc19372fb161b492057f1394b2739a79e35e8285430bd7cf0ad62c03a7
- SHA512: fc6d4038293b78ad3336c5533dae1fdc59d4f0786d588bc3f5b4c2f2d147cbb1c9a40a058ecbd3c226c97e965f5cea58c0ff47e2697dadc0db416e4a20e93d0d
- SSDEEP: 1536:J555555555555pmgSeGDjtQhnwmmB0yJMqqU+2bbbAV2/S2mr3IdE8mne0Avu5rS:2MSjOnrmBxMqqDL2/mr3IdE8we0Avu52
Behavioral task: behavioral1
- Sample: c4a88edc19372fb161b492057f1394b2739a79e35e8285430bd7cf0ad62c03a7.exe
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: c4a88edc19372fb161b492057f1394b2739a79e35e8285430bd7cf0ad62c03a7.exe
- Resource: win10v2004-20240709-en
Malware Config
- Extracted: gandcrab
- http://gdcbghvjyqy7jclk.onion.top/
Targets
- Target: c4a88edc19372fb161b492057f1394b2739a79e35e8285430bd7cf0ad62c03a7.exe
- Size: 90KB
Signatures
- GandCrab payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.