
  • Distribution Method : Unknown
 
  • MD5 : 2bf8e0f5e1a64f12b61bbaf128f7bab2
 
  • Major Detection Name : Trojan.Ransom.MarioLocker (ALYac), Ransom.Mario (Malwarebytes)
 
  • Encrypted File Pattern : .wasted<Number>
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\Desktop\@WastedBitDecrypt.exe
     - C:\Users\%UserName%\Documents\WastedBit
     - C:\Users\%UserName%\Documents\WastedBit\mario.cur
     - C:\Users\%UserName%\Documents\WastedBit\mario.wav
     - C:\Users\%UserName%\Documents\WastedBit\Wasted.bmp
     - C:\Users\%UserName%\Documents\WastedBit\wastedlock.bmp
     - C:\Windows\Temp\YourFiles.txt
 
  • Payment Instruction File : @Readme.txt
 
  • Major Characteristics :
     - Offline Encryption
     - Wiper method
     - Automatic logout when file encryption is complete
     - Disables and blocks Registry Editor (DisableRegistryTools), Command Prompt (DisableCMD) and Task Manager (DisableTaskMgr)
     - Disables Change Password (DisableChangePassword)
     - Disables Lock Computer (DisableLockWorkstation)
     - Changes desktop background (C:\Users\%UserName%\Documents\WastedBit\Wasted.bmp)
