GandCrab v4.1 in the wild — first Windows XP and Server 2003 impacting ransomware SMB worm
Tags
attack-pattern: Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID b17024d8-bee4-4b28-8f3f-15525e41707a
Fingerprint 163eba73ebb631d6
Analysis status DONE
Considered CTI value 0
Text language
Published July 6, 2018, 11:51 a.m.
Added to db Feb. 17, 2023, 9:49 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline GandCrab v4.1 in the wild — first Windows XP and Server 2003 impacting ransomware SMB worm
Title GandCrab v4.1 in the wild — first Windows XP and Server 2003 impacting ransomware SMB worm
Detected Hints/Tags/Attributes 20/1/4
Source URLs
Redirection Url
Details Source https://doublepulsar.com/gandcrab-v4-1-in-the-wild-first-windows-xp-and-server-2003-impacting-ransomware-smb-worm-7a7250253b6
Details Redirection https://doublepulsar.com/gandcrab-v4-1-in-the-wild-first-windows-xp-and-server-2003-impacting-ransomware-smb-worm-7a7250253b6?gi=23caeb310f01
Details Redirection https://doublepulsar.com/gandcrab-v4-1-in-the-wild-first-windows-xp-and-server-2003-impacting-ransomware-smb-worm-7a7250253b6?gi=51462293c4f1
Details Redirection https://doublepulsar.com/gandcrab-v4-1-in-the-wild-first-windows-xp-and-server-2003-impacting-ransomware-smb-worm-7a7250253b6?gi=9a05731f2c00
Details Redirection https://doublepulsar.com/gandcrab-v4-1-in-the-wild-first-windows-xp-and-server-2003-impacting-ransomware-smb-worm-7a7250253b6?gi=fc97e4fb70e3
Details Source https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Fdoublepulsar.com%2Fgandcrab-v4-1-in-the-wild-first-windows-xp-and-server-2003-impacting-ransomware-smb-worm-7a7250253b6
URL Provider
Details Provider Source level domain
Details doublepulsar.com doublepulsar.com
Details medium.com medium.com
Attributes
Details Type #Events CTI Value
Details File 1 
eternalblue.exe
Details File 478 
lsass.exe
Details sha256 3 
8ecbfe6f52ae98b5c9e406459804c4ba7f110e71716ebf05015a3a99c995baa1
Details Windows Registry Key 1 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMBv1