Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Unknown
 
  • MD5 : dbd5bede15de51f6e5718b2ca470fc3f
 
  • Major Detection Name : Win-Trojan/Lockycrypt.Gen (AhnLab V3), Ransom.TeslaCrypt (Malwarebytes)
 
  • Encrypted File Pattern : <Original Filename>.<Original Extension>
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\+REcovER+<5-Digit Random>+.png
     - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\+REcovER+<5-Digit Random>+.txt
     - C:\Users\%UserName%\Desktop\+REcovER+<5-Digit Random>+.png
     - C:\Users\%UserName%\Desktop\+REcovER+<5-Digit Random>+.txt
     - C:\Users\%UserName%\Documents\+recover+file.txt
     - C:\Users\%UserName%\Documents\<Random>.exe
 
  • Payment Instruction File : +REcovER+<5-Digit Random>+.png / +REcovER+<5-Digit Random>+.txt
 
  • Major Characteristics :
     - Offline Encryption
     - Disable system restore (vssadmin.exe Delete Shadows /All /Quiet)

List

위로