GandCrab V4.0 Analysis: New Shell, Same Old Menace
Common Information
| Type | Value |
| --- | --- |
| UUID | ffdd8104-c971-4391-b02d-ede04ceb0ac1 |
| Fingerprint | bd14116da53c0ec7 |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | July 9, 2018, midnight |
| Added to db | Jan. 18, 2023, 11:18 p.m. |
| Last updated | Sept. 4, 2024, 8:04 p.m. |
| Headline | GandCrab V4.0 Analysis: New Shell, Same Old Menace |
| Title | GandCrab V4.0 Analysis: New Shell, Same Old Menace |
| Detected Hints/Tags/Attributes | 64/2/11 |
Attributes
| Type | #Events | CTI Value |
| --- | --- | --- |
| File | 1 | file_c.php |
| File | 1 | crack_sapphire_plugins_for_after_effects.exe |
| File | 1 | crack_merging_image_to_pdf.exe |
| File | 11 | krab-decrypt.txt |
| sha256 | 2 | 6c1ed5eb1267d95d8a0dc8e1975923ebefd809c2027427b4ead867fb72703f82 |
| sha256 | 1 | 15d70bdbf54b87440869a3713710be873e595b7e93c0559428c606c8eec1f609 |
| Url | 1 | http://gabysutton.com/file_c.php?vubljfwmqpkebpes=437261636b5f53617070686972655f506c7567696e735f666f725f41667465725f456666656374732e657865 |
| Url | 1 | http://gagaryn.com/file_c.php?lkgpsudyvbjs=437261636b5f4d657267696e675f496d6167655f746f5f5044462e657865 |
| Url | 1 | http://blog.ygtecnopc.com/file_c.php?rnopbuvnxdmk=437261636b5f4d657267696e675f496d6167655f746f5f5044462e657865 |
| Windows Registry Key | 2 | HKCU\Software\keys_data\data\private |
| Windows Registry Key | 2 | HKCU\Software\keys_data\data\public |