Available Solutions

VSAPI/SMART
Pattern	Detection/Policy/Rules	Pattern branch/version	Release date
TrendX	BKDR.Win32.TRX.XXPE50F13006K0003 Downloader.JS.TRX.XXJSE9EFF010 TROJ.Win32.TRX.XXPE50FFF028	N/A	February 1, 2019
VSAPI	Trojan.JS.GANDCRAB.DLDRC Ransom.Win32.GANDCRAB.TIOIBOBA Ransom.Win32.GANDCRAB.TIOIBOAX Trojan.JS.GANDCRAB.DLDRA Ransom.Win32.GANDCRAB.SMILB Ransom.Win32.GANDCRAB.THABAOAH Trojan.Win32.GANDCRAB.OIBOAV Ransom.Win32.GANDCRAB.THOAOGAI Trojan.Win64.GANDCRAB.AMG Ransom.Win32.GANDCRAB.AA Ransom.Win32.GANDCRAB.AMM Ransom.Win32.GANDCRAB.TIOIBOAY Trojan.W97M.GANDCRAB.AB	Ent OPR 14.795.07	February 5, 2019

Behavioral Monitoring
Pattern	Detection/Policy/Rules	Pattern branch/version	Release date
AEGIS	RAN2320T (GANDCRAB extension and note)	AEGIS TMTD OPR 1765	March 23, 2018
AEGIS	RAN2314T (GANDCRAB dropped file and execution)	AEGIS TMTD OPR 1753	February 19, 2018
AEGIS	RAN4202T (GANDCRAB extension and note	AEGIS TMTD OPR 1825	September 14, 2018
AEGIS	RAN4201T (GANDCRAB ransom note)	AEGIS TMTD OPR 1825	September 14, 2018

Email Protection
Subject	MD5	Pattern branch/version	Release date
BC A2897001	b3f472fcc9c96721205b75200a145fb2	AS Pattern 4414	February 6, 2019
:D	3d82896f4e56912c29d25eee626fafeb	AS Pattern 4414	February 6, 2019
:)	c41c71ea30815c29b52e002ca5b13739	AS Pattern 4414	February 6, 2019
:)	a78cb5897545d040be8312cc65654589	AS Pattern 4414	February 6, 2019
BC A2897001	a1501027d25ad06931665149d3916993	AS Pattern 4414	February 6, 2019
[SPAM] :)	17dafde0547a832fcbd9f7dc14402bc5	AS Pattern 4414	February 6, 2019
BC A2897001	a729651fe7d10e48b4a31f49adac846f	AS Pattern 4414	February 6, 2019
BC A2897001	d2b09bf0401bad25e5a6e9f09d7e2efa	AS Pattern 4414	February 6, 2019
:)	b528af611a852e8ac0d3b9a2a58fda00	AS Pattern 4414	February 6, 2019

URL Protection
URL	Category	Blocking Date
hxxp://92.63.197.48:80/t.php?new=1	Disease Vector	October 1, 2018
hxxp://92.63.197.153:80/mcdonalds.exe	Malware Accomplice	February 2, 2019
hxxp://92.63.197.112:80/t.php?new=1	Disease Vector	September 7, 2018
hxxp://utdifguizdidiz.ru:80/1.exe	Disease Vector	February 5, 2019
hxxp://uaihefiuieagug.ru:80/5.exe	Disease Vector	February 5, 2019
hxxp://92.63.197.153:80/1.exe	Disease Vector	February 1, 2019
hxxp://fieooeoafheifi.ru:80/4.exe	Disease Vector	Disease Vector February 4, 2019
hxxp://sriuedueiuiefg.ru:80/5.exe	Disease Vector	February 5, 2019
hxxp:// sefuhsuifhishf.ru:80/2.exe	Disease Vector	February 4, 2019

[Malware Awareness] GandCrab comes up with new tricks

Product / Version includes:

Apex CentralAll , Deep SecurityAll , Interscan Messaging Security Virtual ApplianceAll , ScanMail for ExchangeAll , Worry-Free Business Security AdvancedAll

Last updated: 2021/08/28

Solution ID: KA-0009124

Category: Remove a Malware / Virus

Summary

The GandCrab ransomware was discovered near the end of January 2018 as part of Ransomware-as-a-Service (RaaS), and it now became the most popular and widespread ransomware.

The GandCrab is the first ransomware that demands payment in Dash cryptocurrency, which is more complicated to trace and uses the ".bit" top level domain (TLD).

The current GandCrab campaign utilizes malvertising and exploits the Struts, JBoss, Weblogic, and Apache Tomcat vulnerabilities.

Infection Chain

Capabilities

File Encryption
Disabling Usage Capability
Propagation
Download Routine

Available Solutions

VSAPI/SMART
Pattern	Detection/Policy/Rules	Pattern branch/version	Release date
TrendX	BKDR.Win32.TRX.XXPE50F13006K0003 Downloader.JS.TRX.XXJSE9EFF010 TROJ.Win32.TRX.XXPE50FFF028	N/A	February 1, 2019
VSAPI	Trojan.JS.GANDCRAB.DLDRC Ransom.Win32.GANDCRAB.TIOIBOBA Ransom.Win32.GANDCRAB.TIOIBOAX Trojan.JS.GANDCRAB.DLDRA Ransom.Win32.GANDCRAB.SMILB Ransom.Win32.GANDCRAB.THABAOAH Trojan.Win32.GANDCRAB.OIBOAV Ransom.Win32.GANDCRAB.THOAOGAI Trojan.Win64.GANDCRAB.AMG Ransom.Win32.GANDCRAB.AA Ransom.Win32.GANDCRAB.AMM Ransom.Win32.GANDCRAB.TIOIBOAY Trojan.W97M.GANDCRAB.AB	Ent OPR 14.795.07	February 5, 2019

Behavioral Monitoring
Pattern	Detection/Policy/Rules	Pattern branch/version	Release date
AEGIS	RAN2320T (GANDCRAB extension and note)	AEGIS TMTD OPR 1765	March 23, 2018
AEGIS	RAN2314T (GANDCRAB dropped file and execution)	AEGIS TMTD OPR 1753	February 19, 2018
AEGIS	RAN4202T (GANDCRAB extension and note	AEGIS TMTD OPR 1825	September 14, 2018
AEGIS	RAN4201T (GANDCRAB ransom note)	AEGIS TMTD OPR 1825	September 14, 2018

Email Protection
Subject	MD5	Pattern branch/version	Release date
BC A2897001	b3f472fcc9c96721205b75200a145fb2	AS Pattern 4414	February 6, 2019
:D	3d82896f4e56912c29d25eee626fafeb	AS Pattern 4414	February 6, 2019
:)	c41c71ea30815c29b52e002ca5b13739	AS Pattern 4414	February 6, 2019
:)	a78cb5897545d040be8312cc65654589	AS Pattern 4414	February 6, 2019
BC A2897001	a1501027d25ad06931665149d3916993	AS Pattern 4414	February 6, 2019
[SPAM] :)	17dafde0547a832fcbd9f7dc14402bc5	AS Pattern 4414	February 6, 2019
BC A2897001	a729651fe7d10e48b4a31f49adac846f	AS Pattern 4414	February 6, 2019
BC A2897001	d2b09bf0401bad25e5a6e9f09d7e2efa	AS Pattern 4414	February 6, 2019
:)	b528af611a852e8ac0d3b9a2a58fda00	AS Pattern 4414	February 6, 2019

URL Protection
URL	Category	Blocking Date
hxxp://92.63.197.48:80/t.php?new=1	Disease Vector	October 1, 2018
hxxp://92.63.197.153:80/mcdonalds.exe	Malware Accomplice	February 2, 2019
hxxp://92.63.197.112:80/t.php?new=1	Disease Vector	September 7, 2018
hxxp://utdifguizdidiz.ru:80/1.exe	Disease Vector	February 5, 2019
hxxp://uaihefiuieagug.ru:80/5.exe	Disease Vector	February 5, 2019
hxxp://92.63.197.153:80/1.exe	Disease Vector	February 1, 2019
hxxp://fieooeoafheifi.ru:80/4.exe	Disease Vector	Disease Vector February 4, 2019
hxxp://sriuedueiuiefg.ru:80/5.exe	Disease Vector	February 5, 2019
hxxp:// sefuhsuifhishf.ru:80/2.exe	Disease Vector	February 4, 2019

Recommendation

Ransomware: Solutions, Best Practice Configuration and Prevention using Trend Micro products

Threat Report

Blogs

Read the KB article on Submitting suspicious or undetected virus for file analysis to Technical Support.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

[Malware Awareness] GandCrab comes up with new tricks

Infection Chain

Capabilities

Available Solutions

Recommendation

Threat Report

Blogs

[Malware Awareness] GandCrab comes up with new tricks

Product / Version includes:

Summary

Infection Chain

Capabilities

Available Solutions

Recommendation

Threat Report

Blogs