MSIL/GandCrab.FOD!tr.ransom

Analysis

MSIL/GandCrab.FOD!tr.ransom is a generic detection for the GandCrab ransomware trojan.

  • This malware may connect to any of the following remote site(s):
    • hxxp://www.haarg{Removed}.biz
    • hxxp://www.2mmotor{Removed}[.]biz
    • hxxp://www.bizziniin{Removed}[.]com

  • Below is an illustration of the malware's ransom note:

    • Figure 1: Ransom note.

    For more details about this malware, please refer to W32/GandCrab.FOD!tr.ransom.

  • Recommended Action

    • Make sure that your FortiGate/FortiClient system is using the latest AV database.
    • Quarantine/delete files that are detected and replace infected files with clean backup copies.

    Detection Availability

    FortiGate
    Extended
    FortiClient
    FortiMail
    FortiSandbox
    FortiWeb
    Web Application Firewall
    FortiIsolator
    FortiDeceptor
    FortiEDR

    Version Updates

    Date Version Detail
    2018-12-18 64.98900 Sig Updated
    2018-12-12 64.84900 Sig Updated
    2018-12-12 64.84500 Sig Updated
    2018-12-11 64.82600 Sig Updated
    2018-12-11 64.82100 Sig Updated
    2018-12-07 64.72900 Sig Updated
    2018-12-07 64.72400 Sig Updated
    2018-12-06 64.70700 Sig Updated
    2018-11-28 64.50900 Sig Updated