Gandcrab Process Doppelgang
released on 2019-07-26 @ 02:43:39 PM
During an analysis we conducted while tracking GandCrab ransomware, one of the more notorious malware families in 2018 and 2019, we noticed an interesting behavior. In some cases, it seemed to have been using Process Hollowing as part of its attack chain.