Next..
https://www.virustotal.com/en/file/cfac ... 528389829/
GANDCRAB Ransomware
Re: Malware collection
You do not have the required permissions to view the files attached to this post.
Re: Malware collection
GandCrab ransomware js downloaderikolor wrote: ↑Thu Jun 07, 2018 4:45 pmNext..
https://www.virustotal.com/en/file/cfac ... 528389829/
Payload: https://www.virustotal.com/en/file/dfa1 ... /analysis/
BR,
Antelox
Re: Malware collection
You do not have the required permissions to view the files attached to this post.
Re: Malware collection
MD5: 65b46fb8657bb696cd7fe3726b12ecff - AZORult with c2: hxxp://51.15.232.106/BB75F2F4-BB44-4C51-A62C-4A43BF10EE11/index.phpikolor wrote: ↑Thu Nov 08, 2018 5:45 pmRequest what is inside file .?????? 3 files
https://www.virustotal.com/en/file/3427 ... 541699001/
MD5: de030d9ae03c9a8d2bee41c0df01ee4d - GandCrab ransomware
MD5: 963e94ed59de1084eec4545380cd2386 - it seems just an infection reporter by logging number of requests to hxxps://2no.co/1FBR47
BR,
Antelox
-
- Posts: 9
- Joined: Mon Feb 08, 2016 8:11 pm
GANDCRAB Ransomware
The specific variant I have is version 5.0.4.
I found it included with a version of the fastfolders installer that is bundled with various malware.
Encrypted files are marked with a .lhvguht extension.
Sets the following wallpaper:

MD5: de030d9ae03c9a8d2bee41c0df01ee4d
SHA-1: 1ebc7cb36a0f2d5b857de4f1c73f2c0b880c8629
SHA-256: a45bd4059d804b586397f43ee95232378d519c6b8978d334e07f6047435fe926
VT [34/66]: https://www.virustotal.com/#/file/a45bd ... 47435fe926
I found it included with a version of the fastfolders installer that is bundled with various malware.
Encrypted files are marked with a .lhvguht extension.
Sets the following wallpaper:

MD5: de030d9ae03c9a8d2bee41c0df01ee4d
SHA-1: 1ebc7cb36a0f2d5b857de4f1c73f2c0b880c8629
SHA-256: a45bd4059d804b586397f43ee95232378d519c6b8978d334e07f6047435fe926
VT [34/66]: https://www.virustotal.com/#/file/a45bd ... 47435fe926
You do not have the required permissions to view the files attached to this post.