Check out our video libray AppCheck defending aginst newest ransomware

Hitler Ransomware (<Original Filename>.AdolfHitler)

  • Distribution Method : Unknown
  • MD5 : e64dbe09fc1805177d9058a40807e128
  • Major Detection Name : Ransom:Win32/Genasom (Microsoft), Ransom_LERITH.I (Trend Micro)
  • Encrypted File Pattern : <Original Filename>.AdolfHitler
  • Malicious File Creation Location : C:\Users\%UserName%\AppData\Local\Temp\_Adolf Hitler_.mp3
  • Payment Instruction File : _Adolf Hitler_.bmp / _Adolf Hitler_.mp3
  • Major Characteristics :
         - Offline Encryption
         - The German users targeted
         - Disable Task Manager (Taskmgr.exe)
         - Disable system restore (vssadmin delete shadow /all /quiet, wmic shadowcopy delete, bcdedit /set {default} boostatuspolicy ignoreallfailures, bcdedit /set {default} recoveryenabled no, wbadmin delete catalog -quiet)
         - Disable the User Account Control (UAC)
         - Play background music on file encryption
         - Changes desktop background (C:\Windows\戮충교쒼暠튬.bmp)

Go to List

Please upgrade your web browser for better website experience.