HOMETHREATSGammDrop
APT / THREAT GROUP

GammDrop

2
aliases
Last seen:Jun 21, 2026

Intelligence Profile

According to HarfangLab, GammaDrop is a VBScript-based downloader that forms the first stage of a two-stage infection chain. It uses obfuscated VBScript stored in a stealthy data stream to fetch a second-stage HTA payload (GammaLoad) and execute it, achieving persistence via the Startup folder.

Threat Analysis

GammDrop is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

External References

Quick Facts

TypeAPT / Threat Group
Aliases2

Also Known As

vbs.gammadropGammDrop

External Intelligence

Malpedia: vbs.gammadrop

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.