Rewterz Threat Alert – WannaCry Ransomware – Active IOCs
August 30, 2021Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs
August 30, 2021Rewterz Threat Alert – WannaCry Ransomware – Active IOCs
August 30, 2021Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs
August 30, 2021Severity
High
Analysis Summary
Fresh IoCs have been retrieved from a campaign distributing the GandCrab ransomware. GandCrab campaigns typically involve emails designed to deceive a potential victim into downloading attached malicious files. The infection process begins once a victim opens the attachment. It is important to note that the malware, in order to be successfully installed, requires the victim to enable macros. As is customary with other ransomware, it aims to lock a victim’s files, and demand that a ransom amount be paid. GandCrab usually targets consumers and businesses with PCs running Microsoft Windows. GandCrab has been involved in some of the biggest ransomware attacks, causing massive monetary loss to victims. GandCrab operators usually attempt to impersonate legitimate services in order to successfully victimize the target. For instance, in January 2020, GandCrab was distributed packed in a word document “Flu pandemic warning.doc” supposedly coming from the Center for Disease Control.
Impact
- Files Encryption
- Data Exfiltration
Indicators of Compromise
MD5
- 8ee75277418d2c5b262be010e61d10a5
SHA-256
- c83f08e7b10108547d2c898ab56a3564029438a028a4655ae266816818370de2
SHA1
- e3077d7d26de774830d83eaa04a315ab18a49dfa
Remediation
- Block the threat indicators at their respective controls.
- Search for IOCs in your environment.