Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Mail attachment (.js)
 
  • MD5 : 4437bdd07c667ae4c7b583cf87ec613d
 
  • Encrypted File Pattern : .avdn
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Local\Temp\<Random>.exe
     - C:\Users\%UserName%\AppData\Roaming\<Random>.exe
     - C:\Windows\System32\Tasks\update
 
  • Payment Instruction File : <6-Digit Number>-readme.html
 
  • Major Characteristics :
     - Offline Encryption
     - Turns off User Access Control (UAC)
     - EFI System Partition (X:\) and Recovery Partition (Y:\) drives are activate.
     - Block processes execution (fdlauncher.exe, RAgui.exe, sqlbrowser.exe, sqlservr.exe, supervise.exe, winword.exe etc.)
     - Disable system restore (wmic.exe SHADOWCOPY /nointeractive, vssadmin.exe Delete Shadows /All /Quiet)
     - Adds update to scheduler to execute "%AppData%\<Random>.exe" Every 10 minutes
     - Changes desktop background (C:\Users\%UserName%\bckgrd.bmp)

List

위로