SYMBOLCOMMON_NAMEaka. SYNONYMS
vbs.gammadrop (Back to overview)

GammDrop

Actor(s): Gamaredon Group

According to HarfangLab, GammaDrop is a VBScript-based downloader that forms the first stage of a two-stage infection chain. It uses obfuscated VBScript stored in a stealthy data stream to fetch a second-stage HTA payload (GammaLoad) and execute it, achieving persistence via the Startup folder.

References
2026-05-13HarfangLabHarfangLab CTR
Gamaredon’s infection chain: Spoofed emails, GammaDrop and GammaLoad
GammDrop GammaLoad

There is no Yara-Signature yet.