Project57 Ransomware (.[ti_kozel@lashbania.tv].костя баранин) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : bba1b6f4c0608e2d9c480d25fcb1f436

Major Detection Name : PHP/Filecoder.U (ESET), Trojan.Ransom.SoulLocker.A (GData)

Encrypted File Pattern : .[ti_kozel@lashbania.tv].костя баранин

Malicious File Creation Location :
- C:\Users\%UserName%\AppData\Local\Temp\PSE20\dcbf34cee365611ad66a762460b7ff3f\php.ini
- C:\Users\%UserName%\AppData\Local\Temp\RarSFX0\php5ts.dll
- C:\Users\%UserName%\AppData\Local\Temp\RarSFX0\<Random>.exe
- C:\Users\%UserName%\Desktop\INFORMATION.KEY

Payment Instruction File : DECRYPT.HTML / DECRYPT.TXT

Major Characteristics :
- Offline Encryption
- PHP-based Ransomware
- The Russian users targeted