01-20-2019 , 06:21 AM
Quote:
The GandCrab ransomware has returned with a new set of trojans in addition to its initial infection.
The GandCrab ransomware has returned with a new set of trojans in addition to its initial infection.
The addition of new tools comes just over a week after at least one threat actor began using a combination the info stealer Vidar with the ransomware to increase their odds of taking something of value away from their attack.
The latest attacks are using PowerShell as an entry point to deliver the first stage of the attacks rather than for encryption.
The payload is a Base64 encoded bytecode of portable executable (PE) which was made with the freeware automation language for Microsoft Windows, AutoIt.
“AutoIt generated PE acts as an unpacker to download other binaries from different servers and create multi layered attack scenario to cover all operating systems with different protections,” Check Point researchers said in the post.
![[Image: crabegg_1475711-860x466.jpg]](https://3erczm2x84t2p8xnj226kmxx-wpengine.netdna-ssl.com/wp-content/uploads/sites/4/2018/08/crabegg_1475711-860x466.jpg)
Full Article