Rewterz Threat Alert –GandCrab Ransomware – Active IOCs

Severity

High

Analysis Summary

Fresh IoCs have been retrieved from a campaign distributing the GandCrab ransomware. GandCrab campaigns typically involve emails designed to deceive a potential victim into downloading attached malicious files. The infection process begins once a victim opens the attachment. It is important to note that the malware, in order to be successfully installed, requires the victim to enable macros. As is customary with other ransomware, it aims to lock a victim’s files, and demand that a ransom amount be paid. GandCrab usually targets consumers and businesses with PCs running Microsoft Windows. GandCrab has been involved in some of the biggest ransomware attacks, causing massive monetary loss to victims. GandCrab operators usually attempt to impersonate legitimate services in order to successfully victimize the target. For instance, in January 2020, GandCrab was distributed packed in a word document “Flu pandemic warning.doc” supposedly coming from the Center for Disease Control.

Impact

• Files Encryption
• Data Exfiltration

Indicators of Compromise

MD5

• 97a449fed7d800a8a635592605ff8a67
• e6714bce3d8d9d0749572bd20ada0d96
• 95557a29de4b70a25ce62a03472be684
• f2d170a6e1587aaaefb60c502da9c95d

SHA-256

• 233437b647f9482a8a3ba51d0af69039bb58fb48609704a39db1f709a0e6aca6
• b8b50ac7b9bfc4be19c9dd9b4fdc469773d8e1eee72194f2779c522f953e6adb
• 49b769536224f160b6087dc866edf6445531c6136ab76b9d5079ce622b043200
• ab0a0e96d9c2c44d1a18531b6a881f87ae002156634c3af5f5329e862647fb56

SHA1

• 2f339d8b2edb7c07126d9a3c37effe14966817c5
• 4f2dedc17145ce8ebdee9eff605aa5ad1e87717e
• 5baabf2869278e60d4c4f236b832bffddd6cf969
• 1917f2de8cd1a51c072a0c1b4adf0a8efc309972

Remediation

• Block the threat indicators at their respective controls.
• Do not download files attached in untrusted emails.
• Do not download files from random sources on the internet