2018-07-25 - QUICK POST: RIG EK PUSHES GANDCRAB RANSOMWARE
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- 2018-07-25-Rig-EK-pcaps.zip 509 kB (509,039 bytes)
- 2018-07-25-Rig-EK-malware-and-artifacts.zip 225 kB (225,283 bytes)
NOTES:
- It's been a while since I've run across either Rig EK or GandCrab ransomware.
- Rig EK hasn't changed much, traffic-wise.
- GandCrab version 4 has much different post-infection traffic than I've seen before with previous versions of GandCrab.
- This GandCrab sample didn't run on a virtual host, so I moved it to a physical host.
- For more details on GandCrab v4, Bleeping Computer did a nice write-up earlier this month here.