  • Distribution Method : Unknown
 
  • MD5 : 80d5f474ae7f3f5e1a4beefe1a36fd80
 
  • Major Detection Name : Generic.Ransom.Magniber.8486CAD0 (BitDefender), Trojan-Ransom.Win32.Encoder.fsc (Kaspersky)
 
  • Encrypted File Pattern : <Random Filename>.<4-Digit Random Extension>
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Roaming\{<Random>-<Random>-<Random>-<Random>-<Random>}
     - C:\Users\%UserName%\AppData\Roaming\{<Random>-<Random>-<Random>-<Random>-<Random>}\<Random>.exe
     - C:\Windows\System32\Tasks\Microsoft\Windows\<Random>
 
  • Payment Instruction File : <Random>_R_E_A_D___T_H_I_S_<Random>.jpg / <Random>_R_E_A_D___T_H_I_S_<Random>.txt
 
  • Major Characteristics :
     - Offline Encryption
     - Cerber Ransomware series
     - Changes Folder Option (ShowSuperHidden, SuperHidden)
     - Checks for virtual environment processes (prl_cc.exe, prl_tools.exe, qemu-ga.exe, vboxservice.exe, vboxtray.exe, VGAuthService.exe etc.)
     - Reruns itself by adding a "\Microsoft\Windows\<Random>" task in Task Scheduler that runs "%AppData%\{<Random>-<Random>-<Random>-<Random>-<Random>}\<Random>.exe" every minute.
     - Changes desktop background (C:\Users\%UserName%\AppData\Local\Temp\tmp<Random>.bmp)
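
A triage sketch for the path indicators listed above, added here as an example and not AppCheck's own code: it turns the page's path templates into regexes and groups a file listing by indicator kind. The function names, the sample paths, and the treatment of <Random> and %UserName% as any run of non-separator characters are assumptions.

```python
import re

# Path templates copied from the indicator list above.
TEMPLATES = {
    "ransom_note": [r"<Random>_R_E_A_D___T_H_I_S_<Random>.jpg",
                    r"<Random>_R_E_A_D___T_H_I_S_<Random>.txt"],
    "dropped_exe": [r"C:\Users\%UserName%\AppData\Roaming"
                    r"\{<Random>-<Random>-<Random>-<Random>-<Random>}\<Random>.exe"],
    "task_file":   [r"C:\Windows\System32\Tasks\Microsoft\Windows\<Random>"],
    "wallpaper":   [r"C:\Users\%UserName%\AppData\Local\Temp\tmp<Random>.bmp"],
}

# Assumption: the page does not define <Random>, so it is treated as one or
# more characters that are not a path separator. %UserName% gets the same rule.
SEGMENT = r"[^\\]+"

def compile_template(template):
    """Escape a template literally, then open up its placeholders."""
    rx = re.escape(template)
    for placeholder in ("<Random>", "%UserName%"):
        rx = rx.replace(re.escape(placeholder), SEGMENT)
    # Match from the start of the path or of a path component to the end.
    return re.compile(r"(?:^|\\)" + rx + r"$", re.IGNORECASE)

RULES = {kind: [compile_template(t) for t in ts] for kind, ts in TEMPLATES.items()}

def classify(path):
    """Return the indicator kind a path matches, or None."""
    for kind, patterns in RULES.items():
        if any(p.search(path) for p in patterns):
            return kind
    return None

def triage(paths):
    """Group matching paths by indicator kind; other paths are dropped."""
    hits = {}
    for path in paths:
        kind = classify(path)
        if kind:
            hits.setdefault(kind, []).append(path)
    return hits

# Constructed sample listing (not taken from a real host).
SAMPLE = [
    r"C:\Users\alice\Documents\x7Kq_R_E_A_D___T_H_I_S_9fQ2.txt",
    r"C:\Users\alice\AppData\Roaming\{1a2b-3c4d-5e6f-7a8b-9c0d}\qwer.exe",
    r"C:\Windows\System32\Tasks\Microsoft\Windows\zxcvb",
    r"C:\Windows\System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag",
    r"C:\Users\alice\Documents\report.docx",
]
```

A single hit, especially on the task file or wallpaper pattern, is only a lead because the random names cannot be told apart by pattern alone; several indicator kinds hitting on the same host is the stronger signal.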
