GandCrab | Threat Level: critical | Type: Ransomware

Cryptographic Identifiers

SHA25612b3221e4315f4316195938ce990430ba038f869c8a8f38706b85d93b0e33fb5
MD569d9a8ca55d981e263da1188bb7c8097
File Typeexe
Size70.0 KB
First Seen2023-03-08
File Name2023-03-07_69d9a8ca55d981e263da1188bb7c8097_gandcrab
TagsGandcrab

Malware Family: GandCrab

GandCrab, en yaygın eski ransomware'dir.

TypeRansomware
Programming LanguageC
Target PlatformWindows
C2 ProtocolHTTP
PurposeMaaS ransomware
First Seen Year2018

Threat Indicators (IOC)

  • SHA256: 12b3221e4315f4316195938ce990430ba038f869c8a8f38706b85d93b0e33fb5
  • MD5: 69d9a8ca55d981e263da1188bb7c8097

You can verify all hash values of this sample on VirusTotal.

System Cleanup Guide

  1. Sistemi ağdan DERHAL ayırın — diğer cihazlara yayılmayı durdurun
  2. Do not pay the ransom — there is no guarantee your files will be restored
  3. Quarantine the affected drives
  4. Kullanılan fidye yazılımı ailesini belirleyin (nomoreransom.org)
  5. Try available decryptor tools (the NoMoreRansom project)
  6. Report the incident to the authorities (cybercrime unit)
  7. Temiz bir yedekten kurtarın; yedeğiniz yoksa sürücüyü saklayın

YARA Rule Hints

rule GandCrab_SHA256 {
    meta:
        description = "GandCrab sample: 12b3221e4315f431"
        threat_level = "critical"
        first_seen = "2023-03-08"
    condition:
        hash.sha256(0, filesize) == "12b3221e4315f4316195938ce990430ba038f869c8a8f38706b85d93b0e33fb5"
}

GandCrab — Malware Profile

GandCrab, 2018-2019 aktif RaaS ailesidir. 1.5 milyar USD hasar. RSA+Salsa20. Haziran 2019 kapandi. REvil oncusu.

Malware Type
Ransomware
Programming Language
C
C2 Protocol
HTTP
Target Systems
Windows

Capabilities & Behavior

Dosya Şifreleme (AES/RSA)
Gölge Kopya Silme
Yedek Kaldırma
Fidye Notu Oluşturma
Kalıcılık Sağlama
Ağ Paylaşımı Şifreleme
Anti-Analiz Teknikleri
Çift Gasp (Data Leak)

IOC List (2 indicators)

IOC — GandCrab
# SHA256 12b3221e4315f4316195938ce990430ba038f869c8a8f38706b85d93b0e33fb5 # MD5 69d9a8ca55d981e263da1188bb7c8097
TypeValueNote
sha256 12b3221e4315f4316195938ce990430ba038f869c8a8f38706b85d93b0e33fb5 Sample:GandCrab
md5 69d9a8ca55d981e263da1188bb7c8097 Sample:GandCrab
Tags
gandcrabransomwaremalwarecriticalsha256hash-analizi