Infection Chain

[Figure: GandCrab Infection Chain]

Capabilities

  • File Encryption
  • Disabling Usage Capability
  • Propagation
  • Download Routine

Available Solutions

VSAPI/SMART

Pattern | Detection/Policy/Rules | Pattern branch/version | Release date
TrendX | BKDR.Win32.TRX.XXPE50F13006K0003, Downloader.JS.TRX.XXJSE9EFF010, TROJ.Win32.TRX.XXPE50FFF028 | N/A | February 1, 2019
VSAPI | Trojan.JS.GANDCRAB.DLDRC, Ransom.Win32.GANDCRAB.TIOIBOBA, Ransom.Win32.GANDCRAB.TIOIBOAX, Trojan.JS.GANDCRAB.DLDRA, Ransom.Win32.GANDCRAB.SMILB, Ransom.Win32.GANDCRAB.THABAOAH, Trojan.Win32.GANDCRAB.OIBOAV, Ransom.Win32.GANDCRAB.THOAOGAI, Trojan.Win64.GANDCRAB.AMG, Ransom.Win32.GANDCRAB.AA, Ransom.Win32.GANDCRAB.AMM, Ransom.Win32.GANDCRAB.TIOIBOAY, Trojan.W97M.GANDCRAB.AB | Ent OPR 14.795.07 | February 5, 2019
Behavioral Monitoring

Pattern | Detection/Policy/Rules | Pattern branch/version | Release date
AEGIS | RAN2320T (GANDCRAB extension and note) | AEGIS TMTD OPR 1765 | March 23, 2018
AEGIS | RAN2314T (GANDCRAB dropped file and execution) | AEGIS TMTD OPR 1753 | February 19, 2018
AEGIS | RAN4202T (GANDCRAB extension and note) | AEGIS TMTD OPR 1825 | September 14, 2018
AEGIS | RAN4201T (GANDCRAB ransom note) | AEGIS TMTD OPR 1825 | September 14, 2018
Email Protection

Subject | MD5 | Pattern branch/version | Release date
BC A2897001 | b3f472fcc9c96721205b75200a145fb2 | AS Pattern 4414 | February 6, 2019
:D | 3d82896f4e56912c29d25eee626fafeb | AS Pattern 4414 | February 6, 2019
:) | c41c71ea30815c29b52e002ca5b13739 | AS Pattern 4414 | February 6, 2019
:) | a78cb5897545d040be8312cc65654589 | AS Pattern 4414 | February 6, 2019
BC A2897001 | a1501027d25ad06931665149d3916993 | AS Pattern 4414 | February 6, 2019
[SPAM] :) | 17dafde0547a832fcbd9f7dc14402bc5 | AS Pattern 4414 | February 6, 2019
BC A2897001 | a729651fe7d10e48b4a31f49adac846f | AS Pattern 4414 | February 6, 2019
BC A2897001 | d2b09bf0401bad25e5a6e9f09d7e2efa | AS Pattern 4414 | February 6, 2019
:) | b528af611a852e8ac0d3b9a2a58fda00 | AS Pattern 4414 | February 6, 2019
URL Protection

URL | Category | Blocking Date
hxxp://92.63.197.48:80/t.php?new=1 | Disease Vector | October 1, 2018
hxxp://92.63.197.153:80/mcdonalds.exe | Malware Accomplice | February 2, 2019
hxxp://92.63.197.112:80/t.php?new=1 | Disease Vector | September 7, 2018
hxxp://utdifguizdidiz.ru:80/1.exe | Disease Vector | February 5, 2019
hxxp://uaihefiuieagug.ru:80/5.exe | Disease Vector | February 5, 2019
hxxp://92.63.197.153:80/1.exe | Disease Vector | February 1, 2019
hxxp://fieooeoafheifi.ru:80/4.exe | Disease Vector | February 4, 2019
hxxp://sriuedueiuiefg.ru:80/5.exe | Disease Vector | February 5, 2019
hxxp://sefuhsuifhishf.ru:80/2.exe | Disease Vector | February 4, 2019

Recommendation

Read the KB article "Submitting suspicious or undetected virus for file analysis to Technical Support" for instructions on submitting samples that are not yet detected.