GANDCRAB Ransomware

Forum for analysis and discussion about malware.
ikolor
Posts: 319
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Thu Jun 07, 2018 4:45 pm


Antelox
Posts: 251
Joined: Sun Mar 21, 2010 10:38 pm

Re: Malware collection

Post by Antelox » Thu Jun 07, 2018 6:52 pm

GandCrab ransomware js downloader

Payload: https://www.virustotal.com/en/file/dfa1 ... /analysis/

BR,

Antelox

ikolor
Posts: 319
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Thu Nov 08, 2018 5:45 pm

Request what is inside file .?????? 3 files

https://www.virustotal.com/en/file/3427 ... 541699001/

Antelox
Posts: 251
Joined: Sun Mar 21, 2010 10:38 pm

Re: Malware collection

Post by Antelox » Fri Nov 09, 2018 9:26 am

ikolor wrote:
Thu Nov 08, 2018 5:45 pm
Request what is inside file .?????? 3 files

https://www.virustotal.com/en/file/3427 ... 541699001/

MD5: 65b46fb8657bb696cd7fe3726b12ecff - AZORult with c2: hxxp://51.15.232.106/BB75F2F4-BB44-4C51-A62C-4A43BF10EE11/index.php

MD5: de030d9ae03c9a8d2bee41c0df01ee4d - GandCrab ransomware

MD5: 963e94ed59de1084eec4545380cd2386 - it seems to be just an infection reporter, logging the number of requests to hxxps://2no.co/1FBR47

BR,

Antelox

711PartTimeJob
Posts: 9
Joined: Mon Feb 08, 2016 8:11 pm

GANDCRAB Ransomware

Post by 711PartTimeJob » Sun Nov 11, 2018 2:07 pm

The specific variant I have is version 5.0.4.
I found it included with a version of the fastfolders installer that is bundled with various malware.
Encrypted files are marked with a .lhvguht extension.
Sets the following wallpaper:
Image
MD5: de030d9ae03c9a8d2bee41c0df01ee4d
SHA-1: 1ebc7cb36a0f2d5b857de4f1c73f2c0b880c8629
SHA-256: a45bd4059d804b586397f43ee95232378d519c6b8978d334e07f6047435fe926
VT [34/66]: https://www.virustotal.com/#/file/a45bd ... 47435fe926
