
  • Distribution Method : Unknown
 
  • MD5 : 2f30173e81134dc8f490099dc78c780a
 
  • Major Detection Name : Ransom.LambdaLocker (Malwarebytes), Ransom_LAMBDALOCKER.C (Trend Micro)
 
  • Encrypted File Pattern : .MyChemicalRomance4EVER
 
  • Malicious File Creation Location :
         - C:\Users\Public\systern.exe
         - C:\Users\%UserName%\AppData\Local\VirtualStore\!UNLOCK_guiDE.tXT
         - C:\Users\%UserName%\Desktop\UNLOCK_guiDE.lnk
         - C:\!UNLOCK_guiDE.tXT
 
  • Payment Instruction File : !UNLOCK_guiDE.tXT
 
  • Major Characteristics :
         - Offline Encryption
         - Python-based Ransomware
         - Targets Chinese users
         - Stops multiple services (sc stop apache2.4, sc stop MariaDB, sc stop MongoDB, sc stop mssqlserver, sc stop mysql, sc stop nginx, sc stop OracleServiceORCL, sc stop postgresql)
         - Blocks process execution (apache*, httpd.exe, java.exe, nginx*, tomcat*)
