Beware of a new Gandcrab campaign that has been unleashed, this new campaign uses the mail title subject ‘My letter just for you’.
The campaign tries to lure unaware users to download an .zip attachment, once the attachment has been downloaded and unpacked, an executable file will be made available. This executable is malicious, as once it is executed it will perform Gandcrab behavior on the device.
GandCrab is a Trojan horse that encrypts files on the compromised computer and demands a payment to decrypt them.
Indicators of compromise:
| email-src | [email protected] |
| email-src | [email protected] |
| email-src-display-name | Billie Gray |
| email-src-display-name | Tasha Williams |
| email-subject | My letter just for you |
| ip-src | 3.175.111.5 |
| ip-src | 185.129.93.28 |
| ip-src | 195.127.5.255 |
| url | http://92.63.197.48/v/kra.exe |
| url | http://92.63.197.48/v/t.php?new=1 |
| user-agent | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0 |
Additional information:
- https://urlhaus.abuse.ch/url/59638/
- https://www.hybrid-analysis.com/sample/d00717d709f7a5ac4584cd7f77ad89261dc55613a26f725467567b081bf902ff/5ba89e8d7ca3e103b7347d28
- https://app.sndbox.com/sample/6a92bc04-6eef-4aa3-8281-c4402fc7b5df/static
- https://www.virustotal.com/en/file/d00717d709f7a5ac4584cd7f77ad89261dc55613a26f725467567b081bf902ff/analysis/
- https://www.virustotal.com/en/file/0ae2e156724c914cebc087a2eab5d166df15921c3db83e81cd63aef81047db87/analysis/
- https://analyze.intezer.com/#/analyses/fbb068fb-f1dc-441f-adef-706b815b1345