Trojan.Win32.GandCrab.A
TSL ID TSL20180205-04
Severity Moderate
Description

Trojan.Win32.GandCrab.A is a ransomware Trojan that targets the Windows platform. The malware collects system information and sends it to a remote server. It encrypts files with specific extensions on the infected system and leaves ransom notes on the machine, with instructions to follow in order to get the files decrypted. It also creates a RunOnce registry key to survive system reboots.

Affected Products
  • Microsoft Windows All Versions
File Hashes
MD5:
  • 6866D8D8BF8565D94E0E1479978CF1E5
SHA1:
  • 2245BD90B753B7FD29B7218A0EF50435C64F8767
Identifiers
Kaspersky
  • TROJAN-RANSOM.WIN32.GANDCRYPT.J
McAfee
  • RDN/GENERIC.GRP
Microsoft Malware Protection Center
Sophos
  • TROJ/RANSOM-EVH
Symantec
  • RANSOM.GANDCRAB
TrendMicro
AhnLab-V3
  • TROJAN/WIN32.INJECTOR.R218878
ALYac
  • TROJAN.RANSOM.GANDCRAB
Arcabit
  • TROJAN.GENERIC.D3D118B
Avira
  • TR/CRYPT.ZPACK.FROBL
Baidu
  • WIN32.TROJAN.WISDOMEYES.16070401.9500.9999
BitDefender
  • TROJAN.GENERICKD.4002187
CAT-QuickHeal
  • TROJAN.GANDCRYPT
Comodo
  • TROJWARE.WIN32.JORIK.B
Cybereason
  • MALICIOUS.0B753B
DrWeb
  • TROJAN.ENCODER.24384
ESET-NOD32
  • WIN32/KRYPTIK.GCLI
Ikarus
  • TROJAN-RANSOM.GANDCRAB
Jiangmin
  • TROJAN.RECONYC.HSW
NANO-Antivirus
  • TROJAN.WIN32.GANDCRYPT.EXJUZT
Rising
  • MALWARE.UNDEFINED!8.C
ViRobot
  • TROJAN.WIN32.RANSOM.235520.B
References
https://blog.malwarebytes.com/threat-analysis/2018/01/gandcrab-ransomware-distributed-by-rig-and-grandsoft-exploit-kits/
https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-distributed-by-exploit-kits-appends-gdcb-extension/