GandCrab has so many features that there are too many to list. We are going to break them up into several categories to dive deep and give you a better understanding of how complex this ransomware is. First, we will start off with the core of the encryption to give you a general idea of how it works. If you would like to read more about GandCrab, check out these articles on Acronis and Malwarebytes.
- Written entirely in C++ using WinAPI
- No third-party dependencies
- Stub size of 69 KB, allowing you to embed it in exploits very easily
- Multi-threaded encryption; a separate thread is created for each medium
- More than 1400 masks with AES algorithms using a 256-bit key
- Encryption uses RSA-2048
- Encryption algorithm is AES in CBC mode, using a CSPRNG, with SSE support (AMD/Intel)