
  • Distribution Method : Unknown
 
  • MD5 : e37a0ece30267233f1dddf3c2300393f
 
  • Major Detection Name : Ransom:Win32/Redeemer.MK!MTB (Microsoft), Ransom.Win32.REDEEM.YXBLV (Trend Micro)
 
  • Encrypted File Pattern : .redeem
 
  • Malicious File Creation Location :
     - C:\Windows\ProgramData
     - C:\Windows\ProgramData\calc.exe
     - C:\Windows\SQL
     - C:\Windows\SQL\taskhost.exe
     - C:\Windows\SQL\rem.bat
     - C:\Windows\svchost
     - C:\Windows\svchost\conhost.exe
 
  • Payment Instruction File : Read Me.TXT
 
  • Major Characteristics :
     - Offline Encryption
     - Disables system restore by deleting volume shadow copies (vssadmin delete shadows /All /Quiet)
     - Clears event logs (wevtutil clear-log Application, wevtutil clear-log Security, wevtutil clear-log Setup, wevtutil clear-log System)
