King Ouroboros Ransomware (<Original Filename>.king_ouroboros.<Original Extension> / Version Delta) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : 8893004b04b4436eb47e9b504b7a437f

Major Detection Name : Gen:Variant.Ransom.Ouroboros.1 (BitDefender), Ransom_KINGBOROS.THFBBAH (Trend Micro)

Encrypted File Pattern : <Original Filename>.king_ouroboros.<Original Extension>

Malicious File Creation Location :
- C:\Program Files (x86)\Common Files\<Random>.exe
- C:\Program Files (x86)\Common Files\log.txt
- C:\Windows\System32\Tasks\<10자리 Random 숫자>

Major Characteristics :
- Offline Encryption
- Disable system restore (vssadmin.exe Delete Shadows /All /Quiet, bcdedit /set {default} recoveryenabled No, bcdedit /set {default} bootstatuspolicy ignoreallfailures)
- Adds <10-Digit Random Number> to scheduler to execute "C:\Program Files (x86)\Common Files\<Random>.exe" at user login