MicroCop Ransomware (Lock.<Original Filename>.<Original Extension> / Version Korean) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : 0fb9b6081e17fb2dd574a449e8e86707

Major Detection Name : AutoIt/Filecoder.6114!tr.ransom (Fortinet), Ransom:AutoIt/Lokmwiz.B!bit (Microsoft)

Encrypted File Pattern : Lock.<Original Filename>.<Original Extension>

Malicious File Creation Location :
- C:\Users\%UserName%\AppData\Local\Temp\8x8x8
- C:\Users\%UserName%\AppData\Local\Temp\32.cab
- C:\Users\%UserName%\AppData\Local\Temp\64.cab
- C:\Users\%UserName%\AppData\Local\Temp\888.vbs
- C:\Users\%UserName%\AppData\Local\Temp\x.exe
- C:\MicroCop.lnk

Major Characteristics :
- Offline Encryption
- Crypt888 / Desktop / Encephalitis / GrodexCrypt / Lecitricic Lycor / Zuahahhah Ransomware series
- The Korean users are targeted.
- Turns off User Access Control (UAC)
- Changes desktop background (C:\Users\%UserName%\AppData\Local\Temp\wl.jpg)