Oxar Ransomware (.OXR / 1 How to buy Bitcoin.txt + 1 What happens with my files.txt + instructions.txt) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : bb1e162a034036fdbcc7d0d03a247d02

Major Detection Name : Generic.Ransom.Oxar.6EA407D4 (BitDefender), Ransom_HIDDENTEAROXAR.C (Trend Micro)

Encrypted File Pattern : .OXR

Malicious File Creation Location :
- C:\Users\%UserName%\AppData\Local\Temp\File Decryptor.exe
- C:\Users\%UserName%\AppData\Local\Temp\infos.txt
- C:\Users\%UserName%\AppData\Local\Temp\list
- C:\Users\%UserName%\AppData\Local\Temp\sysadmin.txt
- C:\Users\%UserName%\Desktop\File Decryptor.exe

Payment Instruction File : 1 How to buy Bitcoin.txt / 1 What happens with my files.txt / instructions.txt

Major Characteristics :
- Offline Encryption
- Kappa Ransomware series
- Hidden-Tear open source based ransomware
- Changes desktop background (C:\Users\%UserName%\AppData\Local\Temp\wallpaper.bmp)