. https://blogs.quickheal.com/gandcrab-ransomware-along-monero-miner-spammer/
blog article
Recently we saw a new campaign through spam mail attachment- zip file. It contains JavaScript file which delivers a bundle of GandCrab Ransomware, Monero miner and Spammer. This bundle of multiple malware variants is nothing new, it is common for ransomware to be paired with miner and spammer. This type of attacks helps hackers increase their chances of profit. In case the victim does not pay the ransom, then hackers use Monero miner and spammer, ultimately attacker’s intention is to get control over the victim’s system and get the ransom. Spam mail is the infection source of this campaign; attackers use such a type of subject name so that victim is convinced to open the mail and then the attachment. Subject name is such as “Greeting Card”, “My letter just for you”,” Always thinking about you”,” This is my love letter to you”,” Just for you!”,” Wrote my thoughts down about you”,” I love you”,” Felt in love with you!”. JavaScript is highly obfuscated with base64 encode and URL encode. It uses bitsadmin.exe and PowerShell.exe to download artifacts from Hosted malware domain. READ MORE