Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Download the file via a link included in the email message
 
  • MD5 : e586cec5d18da7e2382b81e5d21374fd
 
  • Major Detection Name : Ransom.Satan (Malwarebytes), Trojan.Win32.Z.Satan.189335.A (ViRobot)
 
  • Encrypted File Pattern : <Random Filename>.stn
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Local\Temp\tmp_<Random>.bat
     - C:\Users\%UserName%\AppData\Roaming\<Random>\<Random>.exe
 
  • Payment Instruction File : 0_HELP_DECRYPT_FILES.html
 
  • Major Characteristics :
     - DBGer Ransomware series
     - File encryption using explorer.exe (Windows Explorer) Clean file
     - Guide a payment instrucition in 23 languages including English and Korean.
     - Disable system restore (vssadmin.exe delete shadows /all /quiet)
     - Interrupt file recovery using "C:\Windows\System32\cipher.exe" /W:<Drive Letter>

List

위로