Videos
Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.
- Distribution Method : Unknown
- MD5 : 4abe312bcc2726395c9c7fa3987b9c15
- Major Detection Name : Ransom.CryptoMix (Malwarebytes), Ransom_CRPTX.F117CT (Trend Micro)
- Encrypted File Pattern : .btcware
- Malicious File Creation Location :
- C:\Users\%UserName%\AppData\Roaming\biznet.exe
- C:\Users\%UserName%\AppData\Roaming\binar\zip\binz.exe
- C:\Users\%UserName%\AppData\Roaming\binar\zip\tor.exe
- C:\Users\%UserName%\AppData\Roaming\binar\zip\tr2web.exe
- C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\#_HOW_TO_FIX_!.hta
- C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\#_HOW_TO_FIX_!.inf
- C:\Users\%UserName%\AppData\Roaming\tor
- Payment Instruction File : #_HOW_TO_FIX_!.hta / #_HOW_TO_FIX_!.inf
- Major Characteristics : Crptxxx Ransomware Families, creates and executes Tor related files(tr2web.exe, tor.exe) for C&C server communication, encrypts dll, exe files in target directory, changes default value in Windows Registry HKEY_CLASSES_ROOT\mscfile\shell\open\command, and executes biznet.exe by changing default event viewer, and changes back to original value after successful execution.