GandCrab Ransomware Analysis and Samples

GandCrab ransomware encrypt user file with GDCB extension and renders them void. It is disseminated via exploits Kits such as RIG EK,GrandSoft EK, EITest campaign (compromised websites), and the Necurs botnet MalSpam campaign. GandCrab is the first ransomware that wants it ransom in DASH Crypto-Currency. VirusTotal report can be found in here.

GandCrab Sandbox Run

GandCrab Ransomware Hash

MD5: a635d6a35c2fc054042b6868ef52a0c3
SHA1: a6d41275384207d250322ab8bc22ca7559ffa9c9
SHA256: 643f8043c0b0f89cedbfc3177ab7cfe99a8e2c7fe16691f3d54fb18bc14b8f45
SSDEEP: 3072:io/ZKgm+JiNOeHtOkrEY+KT/Hfi2CXgJ:iow3NOePIY+QyBX

Download GandCrab Ransomware Sample

The password of the zip is: infected

Download GandCrab Ransomware PCAP