  • Distribution Method : Unknown
 
  • MD5 : 313bc92dce801c2ec316c57ea74dd92a
 
  • Major Detection Name : Trojan:MSIL/Dllinject!MSR (Microsoft), Ransom.MSIL.CHINESECOFFEE.THBBABB (Trend Micro)
 
  • Encrypted File Pattern : <Original Filename>.coffee.<4-Digit Random>.<Original Extension>
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Roaming\{GUID}-Bible.dat
     - C:\Users\%UserName%\AppData\Roaming\{GUID}-TimeStamp.txt
     - C:\Users\%UserName%\AppData\Roaming\Myou.dll
     - C:\Users\%UserName%\AppData\Roaming\status.log
     - C:\Users\%UserName%\AppData\Roaming\updater.exe
 
  • Payment Instruction File : 请阅读我.RSA.txt
 
  • Major Characteristics :
     - A file (Updater.exe) digitally signed by Guangzhou Shirui Electronics Co., Ltd. has been abused.
     - Blocks execution of processes (firebird*, MSSQL*, MySQL*, Oracle*, Redis*, SQLSERVERAGENT, etc.)
