Check out our video libray AppCheck defending aginst newest ransomware

XiaoBa Ransomware (<Original Filename>.XiaoBa1 ~ <Original Filename>.XiaoBa16)

  • Distribution Method : Unknown
  • MD5 : 3aea26e1ffb8c7b3104c6c67c0cbe027
  • Major Detection Name : Ransom.XiaoBa.UPX (Malwarebytes), Ransom_XIAOBA.SMALY-3 (Trend Micro)
  • Encrypted File Pattern : <Original Filename>.XiaoBa1 ~ <Original Filename>.XiaoBa16
  • Payment Instruction File : _Help_.hta / _XiaoBa_.bmp
  • Major Characteristics :
         - Offline Encryption
         - The Chinese users targeted
         - Disable the User Account Control (UAC)
         - Disable Task Manager (Taskmgr.exe)
         - Disable system restore (vssadmin delete shadow /all /quiet, wmic shadowcopy delete, bcdedit /set {default} boostatuspolicy ignoreallfailures, bcdedit /set {default} recoveryenabled no, wbadmin delete catalog -quiet)
         - Changes desktop background (C:\Windows\戮충교쒼暠튬.bmp)

Go to List

Please upgrade your web browser for better website experience.