Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Unknown
 
  • MD5 : ed192818e3bd3d5b1ab78e7c090931c8
 
  • Major Detection Name : Win32:RansomX-gen [Ransom] (Avast), HEUR:Trojan-Ransom.Win32.Stop.gen (Kaspersky)
 
  • Encrypted File Pattern : .efdc
 
  • Malicious File Creation Location :
     - C:\SystemID
     - C:\SystemID\PersonalID.txt
     - C:\Users\%UserName%\AppData\Local\<Random>-<Random>-<Random>-<Random>-<Random>
     - C:\Users\%UserName%\AppData\Local\<Random>-<Random>-<Random>-<Random>-<Random>\build3.exe
     - C:\Users\%UserName%\AppData\Local\<Random>-<Random>-<Random>-<Random>-<Random>\<Random>.exe
     - C:\Users\%UserName%\AppData\Local\bowsakkdestx.txt
     - C:\Users\%UserName%\AppData\Roaming\Microsoft\Network\mstsca.exe
     - C:\Windows\System32\Tasks\Azure-Update-Task
     - C:\Windows\System32\Tasks\Time Trigger Task
 
  • Payment Instruction File : _readme.txt
 
  • Major Characteristics :
     - Offline Encryption
     - Reruns by adding "Time Trigger Task" in Task Scheduler to run "%LocalAppData%\<Random>-<Random>-<Random>-<Random>-<Random>\<Random>.exe --Task" for every 5 minutes.
     - Generates additional AZORult malware (Info stealer)

List

위로