Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Download a file after inducing access to the Phishing site
 
  • MD5 : aea013d01453f97db80b01838255e414
 
  • Major Detection Name : Ransom:AutoIt/Lokmwiz.B!bit (Microsoft), Ransom.Win32.MIRCOP.AA (Trend Micro)
 
  • Encrypted File Pattern : Lock.<Original Filename>.<Original Extension>
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Local\Temp\8x8x8
     - C:\Users\%UserName%\AppData\Local\Temp\32.cab
     - C:\Users\%UserName%\AppData\Local\Temp\64.cab
     - C:\Users\%UserName%\AppData\Local\Temp\888.vbs
     - C:\Users\%UserName%\AppData\Local\Temp\x.exe
     - C:\Microsoft Update.lnk
 
  • Major Characteristics :
     - Offline Encryption
     - Encephalitis / GrodexCrypt / Lecitricic Lycor / MicroCop / Zuahahhah Ransomware series
     - AutoIt scripts based Ransomware
     - Turns off User Access Control (UAC)
     - Kill a web browser processes (chrome.exe, firefox.exe, iexplore.exe, opera.exe, tor.exe) and Block Skype processes execution.
     - Changes desktop background (C:\Users\%UserName%\AppData\Local\Temp\wl.jpg)

List

위로