General
- Target: f9a149a058bf6018b2d1827a95f80e4c2df737c156fc7cc973c44eaeafd589db.exe
- Size: 162KB
- Sample: 240726-h2x5estckl
- MD5: 9587c262dc22fce8fb638e6505ca4e7f
- SHA1: c9e2632df00e35cc8503fd8a4fc16dd146ce4193
- SHA256: f9a149a058bf6018b2d1827a95f80e4c2df737c156fc7cc973c44eaeafd589db
- SHA512: b2e1ac65b98f23804f35652fe5a0c0776efa6527136ba74f726bcf8ff8437e1ee058d5d755dcf50457f47408650b1ee1297fedc01e4b8480f7fe4f23677de09c
- SSDEEP: 3072:DYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN/GCH:DyOqqDL64vdGREzu
Behavioral task: behavioral1
- Sample: f9a149a058bf6018b2d1827a95f80e4c2df737c156fc7cc973c44eaeafd589db.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: f9a149a058bf6018b2d1827a95f80e4c2df737c156fc7cc973c44eaeafd589db.exe
- Resource: win10v2004-20240709-en
Malware Config
Targets
- Target: f9a149a058bf6018b2d1827a95f80e4c2df737c156fc7cc973c44eaeafd589db.exe
- GandCrab payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.