Description
Gandcrab is a Trojan horse that encrypts files on a computer.
2019-05-22-Rig-EK-payload-Gandcrab-ransomware.exe
656KB
211020-ly8njaghc2
538d23ef01426d1157fa1137471a5cf7
ab553df2bb4f7f8d98cc39ac773aaaa1c7ca110f
af8e74d00babaae01b6f3b137cff7b6a6951456c66ffa95122695dad6c7b41a9
9df42f3c39a8982bc77c82010509c3e98cc56c2d71c6f5f20274c0fbde17c58607d9579877983e2239d30fd60be14402b2b9e3d9295168a3cc8d31ac8f4a1111
Path | C:\KSPREIW-MANUAL.txt |
Family | gandcrab |
Ransom Note |
---= GANDCRAB V5.2 =---
***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************
*****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****
Attention!
All your files, documents, photos, databases and other important files are encrypted and have the extension: .KSPREIW
The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.
The server with your key is in a closed network TOR. You can get there by the following ways:
----------------------------------------------------------------------------------------
| 0. Download Tor browser - https://www.torproject.org/
| 1. Install Tor browser
| 2. Open Tor Browser
| 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/9dd5ac38f623035
| 4. Follow the instructions on this page
----------------------------------------------------------------------------------------
On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.
ATTENTION!
IN ORDER TO PREVENT DATA DAMAGE:
* DO NOT MODIFY ENCRYPTED FILES
* DO NOT CHANGE DATA BELOW
---BEGIN GANDCRAB KEY---
lAQAANIit1arAsJBGWadVuSJMdHbghSpRBX+r21M/fDl0YqRs3GtaR4Ir4t4w1gC4CPncgafDMeqAF65VfUpPCuZ/boSmieCrLKpDIapDyHFERpOkjlSbYQpOwAxLStwBMBulsDjHmpKuaHEusBqHOMLtLBpkQmCu9w0VAAzKUFP0DWi3les5yYrCWr4/EwsNHY+sOCFsRqZFwWgXXxagusGYTThOTcyRyY6GsrtRk7zGBU/kJo1nBvuzgepFKhuoT4zz1ub82leLSuG/+sUK2IzQtW41SIinyZqbomsRKtAsCZQ9f4YUgE2ehs2ZX4OXRDa5pIeInyI2XYZ8JBpXqnqoz5x9McQUucZ07bixTcuqd4Cme8WHu8kPV3nvhwDjBFoZTojSGI+AJmSuA848F+wVzco7bengZthkVB0l6+mZEDy5lLoY8OP5Pss8ze1rueSWMddS9DdjO1nOaTVqtijw5DFbPQmLwUy5XNYOxoRw6CO/36V+SewLMNbhD26anOslQYVj6ryUYxuMiil/8mr7Mqmw/dXUmTXriM3f93wqG8ush36dhtElyzMEADo4xPf3fr9I9yIkkeglY2QByxvdw01sbvVVIEHCVgX38tddan2yaOCBqZmFp4xMl8lqnIIC6VIG8wsTvkI04hInPQum1XEDI3QqoX6Zo2PFyxemEyooHQsrh/9j8eAddV4oceb2N8KDTt6W4GwTKbU3gpNW3We3lfIUS/tyd0g5QxhPozjrj/UkqVhmcipUGF09BPZc0o6hl8viEoZTwIQD/UmTnqUSilFq0OCT4rKncNBcIs9YDJL1YW0DpvnH2LnkI/Kqq5ZS4L2VCu0PRmx8IQIcKAPVOu07bXFdhr/JMpJPGiXnWclO/ZfQ0uaP/8CZ2WuAjtVhGEO2lGcE4RJDJisFmm2utKDZ7iPN4fSfXEHH7JAhjqF2hMTugnHzbOS623D4BehCns2CoePojx7RCgOxPpG+HcgpeYVarowwfwbGxVSB6ma3sLuEfkmqvCKLtHyHgzikRuGE5B1337MeI3dJAqzJWIj/rqKmo5T3GWn4WQ2erbVh+qy3ZIFJXsBUDiScCQvIEv6wiRPHoCnRXZoDVkk3CYpTxbt8RQZ9ZtsR7sc5nQOKwaf7QyMWDgbwGfU6XiLTjpac6WzMZDI6IsGuInValsBw4CQ4vpGFB/raizVVPu0beH2VB4dQ1oBtUHrbuI5bGACmQrGCQruuMi928UQLpHPE4pwpCvEfxdn8w80dU7oAfQM05j1uAR+u6AYZgZxqm7/tYtUN0hpbP4JZ/0FeMJrvXHy0Ltxb3D69g/gETmfJy2r6S54ENj8AM83m0H23q1hNg2tnVWjbsHXz2raxoDe7vAkCY0njRW8+3OX2rKRxgPiZ7uwYpSi78u6ZVS1NxJcyO4q+nOKuTczWFx+tZce0gjP3uqPNrqVvyj2gYtM5DQIYw0LvuKQ7ulxNTQTK9UuQkfJ1N21GvHY9IsqYww/TK1ZaPWYbFsBcgehOT0QP8qWlP6qQg0CnHga7JpbKSQVX+X2cUJVhFpM8vf5S3Dev6FIlzbPjeuKulMYjCDXqNtL02ObTGaJ0V4qt8jEngi8+yvE2//L5z/9caMxa+P0pb4totR0hrOomyciAr6wS795d4q2Z1mnlIr7Iy1nL7ZjlDPmgyqVhq2wLjlUqNwM5fxr5jcr5jlWa5tXv9HK1opB9Q/Y8isUmEyTixuv20RnclbcJjdjLjX7EuJfIrCdzkMhZ4SAVhSZ/H4Z/sDj0iMDtU3hod0KcJMO2eBXEJPKg+p2Kkvju2X67R1/kUn3B0ZcGJ1eMo7lzBQhh1WuN95+Qz/MsjN87bB7Dwb2gnjAr1U6693idYd8dyRoKvBNT3EiLqXY2C0Dpo2Dk3AvldQiPtdZ3juD16dMEGp1zI6fE/o5gSSx2nnL/o+wPFMxMtbh0mPml+BzFeC5/XByGLbWs89gbw5v1A0+OOS6gZ/MPKmubTRl3za6tR8nAfWkH1L2AocqeBcCVmnvcqKfwFNVYCL9rYi/uBlgxCiBGVcz7I2jJj+Z8+IO31hs5abrJak/11OHT3TL+bp2qnwmnuee8EX+Uev9PoRONGbW1IXNaHXQu8AB7P0ZNmLWLPduGKd7wNaHuOWdfhOdhbFfnIB9ypnx9SmJXeSkT7ngWvcXkOcwiiNJwrM88AEo8kZPE0k2GQDPv+EuhqIxJkIRc+8mSTpYRpd+CsQ98rT+gws=
---END GANDCRAB KEY---
---BEGIN PC DATA---
7ftDEgLb/ZS0lcmZbHM61KDJ6AOtD78KkA7absMgUXYxWLsC+5+UYF9xVmDs9M/JL5DWAuiVveDZRWXIKnQXQzua3LPyzokSUuglaqKXwabsGM4pXku5In6gtMQMqg7sgEh1XW1iPMFgiUj/s1LdWpJHdiPjMpn7rCZNO/A31mak0K8RefoREu3BxtlAsseHWfVIIKN0U4NnA3w0Ga7XDLlF3iOIB6ImYbF6Z/7MBN2mgBr2rZ2gU1R7jNxjWLwyoIX95yRHFXKdMI+BkVChenio/1q0nJSZoF9ASQvO7zBnmOH7+ICDGAMpA6ikRWoVdffN00xSVyCWtLmJddBbBiJqrMY9R+C3MrHJmcKR1EfUP43y8fMWLL7jL6Obr2BWwOYITy/J3fayLzJ0v/eISzKziqAuoTvFrp2NPDax/ChAud3oN1oI6iuVzemsqBxvZrwArtoypS8R1aOlCzmc7qd4A+wugXqwckyKb/0f4NwELWWjqbjVwFTi8zPJKLqg0o3dWOf+twlLvHCigIFeEudEtyMvAIvhltRRIBf1D0HFyeWMPZ1Z1lc/pOQ=
---END PC DATA---
|
URLs |
http://gandcrabmfe6mnef.onion/9dd5ac38f623035 |
2019-05-22-Rig-EK-payload-Gandcrab-ransomware.exe
538d23ef01426d1157fa1137471a5cf7
656KB
ab553df2bb4f7f8d98cc39ac773aaaa1c7ca110f
af8e74d00babaae01b6f3b137cff7b6a6951456c66ffa95122695dad6c7b41a9
9df42f3c39a8982bc77c82010509c3e98cc56c2d71c6f5f20274c0fbde17c58607d9579877983e2239d30fd60be14402b2b9e3d9295168a3cc8d31ac8f4a1111
Gandcrab is a Trojan horse that encrypts files on a computer.
Ransomware often targets backup files to inhibit system recovery.
Ransomware generally changes the extension on encrypted files.
Infostealers often target stored browser data, which can include saved credentials etc.
Attempts to read the root path of hard drives other than the default C: drive.