GandCrab | Threat Level: critical | Type: Ransomware

Cryptographic Identifiers

SHA256dbfcb422012cb79f704a4d74430c2af0324ac63ea881b6e710a5a4228e7bd4a1
MD543279d555fe16a3801ed11ea12c69d03
File Typeexe
Size70.0 KB
First Seen2023-03-08
File Name2023-03-07_43279d555fe16a3801ed11ea12c69d03_gandcrab
TagsGandcrab

Malware Family: GandCrab

GandCrab, en yaygın eski ransomware'dir.

TypeRansomware
Programming LanguageC
Target PlatformWindows
C2 ProtocolHTTP
PurposeMaaS ransomware
First Seen Year2018

Threat Indicators (IOC)

  • SHA256: dbfcb422012cb79f704a4d74430c2af0324ac63ea881b6e710a5a4228e7bd4a1
  • MD5: 43279d555fe16a3801ed11ea12c69d03

You can verify all hash values of this sample on VirusTotal.

System Cleanup Guide

  1. Sistemi ağdan DERHAL ayırın — diğer cihazlara yayılmayı durdurun
  2. Do not pay the ransom — there is no guarantee your files will be restored
  3. Quarantine the affected drives
  4. Kullanılan fidye yazılımı ailesini belirleyin (nomoreransom.org)
  5. Try available decryptor tools (the NoMoreRansom project)
  6. Report the incident to the authorities (cybercrime unit)
  7. Temiz bir yedekten kurtarın; yedeğiniz yoksa sürücüyü saklayın

YARA Rule Hints

rule GandCrab_SHA256 {
    meta:
        description = "GandCrab sample: dbfcb422012cb79f"
        threat_level = "critical"
        first_seen = "2023-03-08"
    condition:
        hash.sha256(0, filesize) == "dbfcb422012cb79f704a4d74430c2af0324ac63ea881b6e710a5a4228e7bd4a1"
}

GandCrab — Malware Profile

GandCrab, 2018-2019 aktif RaaS ailesidir. 1.5 milyar USD hasar. RSA+Salsa20. Haziran 2019 kapandi. REvil oncusu.

Malware Type
Ransomware
Programming Language
C
C2 Protocol
HTTP
Target Systems
Windows

Capabilities & Behavior

Dosya Şifreleme (AES/RSA)
Gölge Kopya Silme
Yedek Kaldırma
Fidye Notu Oluşturma
Kalıcılık Sağlama
Ağ Paylaşımı Şifreleme
Anti-Analiz Teknikleri
Çift Gasp (Data Leak)

IOC List (2 indicators)

IOC — GandCrab
# SHA256 dbfcb422012cb79f704a4d74430c2af0324ac63ea881b6e710a5a4228e7bd4a1 # MD5 43279d555fe16a3801ed11ea12c69d03
TypeValueNote
sha256 dbfcb422012cb79f704a4d74430c2af0324ac63ea881b6e710a5a4228e7bd4a1 Sample:GandCrab
md5 43279d555fe16a3801ed11ea12c69d03 Sample:GandCrab
Tags
gandcrabransomwaremalwarecriticalsha256hash-analizi