Videos

Check out our video library to see AppCheck defending against the newest ransomware, with automatic recovery and real-time backup.

  • Distribution Method : Automatic infection through an exploit when visiting a website
 
  • MD5 : 9fddf65a12c2356ea656e18d7bc7203d
 
  • Major Detection Name : a variant of Win32/Kryptik.GJUD (ESET), Trojan-Ransom.Win32.Encoder.bk (Kaspersky)
 
  • Encrypted File Pattern : .<4~6 Digit Random Extension>
 
  • Malicious File Creation Location : C:\Users\%UserName%\AppData\Local\Temp\<Random>.exe
 
  • Payment Instruction File : ^_READ_TO_RE5T0RE_<Encryption Extension>.html / ^_READ_TO_RE5T0RE_<Encryption Extension>.txt / ^_READ_TO_RE5T0RE_<Encryption Extension>.url
 
  • Major Characteristics :
     - Offline Encryption
     - Connects to the IP ranges (167.114.195.1:6901 ~ 167.114.195.254:6901 / 167.114.196.1:6901 ~ 167.114.196.254:6901 / 167.114.197.1:6901 ~ 167.114.197.254:6901) via User Datagram Protocol (UDP) for Command-and-Control (C&C) communication
     - Changes desktop background (C:\Users\%UserName%\Pictures\img.png)
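
The indicators listed above can be turned into a triage check over endpoint and network events. The following is an added example, not code from AppCheck: the event dictionaries and their field names are assumptions, the sample events are constructed, and the regular expression assumes the leading "^" in the note name is optional and the random extension is alphanumeric.

```python
import ipaddress
import ntpath
import re
# Indicators copied from the list above; event field names are assumptions.
C2_NETS = [ipaddress.ip_network(f"167.114.{n}.0/24") for n in (195, 196, 197)]
C2_PORT = 6901
# Assumptions: the leading "^" is optional, the extension is alphanumeric.
NOTE_RE = re.compile(r"\^?_READ_TO_RE5T0RE_([A-Za-z0-9]{4,6})\.(html|txt|url)", re.I)
WEAK_PATHS = {  # common on clean hosts too, so only supporting evidence
    "temp_exe": re.compile(r"C:\\Users\\[^\\]+\\AppData\\Local\\Temp\\[^\\]+\.exe", re.I),
    "wallpaper": re.compile(r"C:\\Users\\[^\\]+\\Pictures\\img\.png", re.I),
}

def is_c2(proto, dst, port):
    """UDP to hosts .1-.254 of the three listed ranges on port 6901."""
    ip = ipaddress.ip_address(dst)
    return (proto.lower() == "udp" and port == C2_PORT
            and any(ip in net for net in C2_NETS)
            and 1 <= int(ip) & 0xFF <= 254)

def triage(events):
    """Return strong hits, weak hits and files carrying a note's extension."""
    strong, weak, exts, files = [], [], set(), []
    for ev in events:
        if ev["type"] == "net":
            if is_c2(ev["proto"], ev["dst"], ev["port"]):
                strong.append(("c2_udp", ev["dst"]))
            continue
        path = ev["path"]
        files.append(path)
        note = NOTE_RE.fullmatch(ntpath.basename(path))
        if note:
            exts.add(note.group(1).lower())
            strong.append(("ransom_note", path))
        weak += [(name, path) for name, rx in WEAK_PATHS.items() if rx.fullmatch(path)]
    # Correlate: files whose extension equals the one embedded in a note name.
    encrypted = [p for p in files if NOTE_RE.fullmatch(ntpath.basename(p)) is None
                 and ntpath.splitext(p)[1][1:].lower() in exts]
    return {"strong": strong, "weak": weak, "encrypted": encrypted}

# Constructed sample events (not real telemetry).
SAMPLE = [
    {"type": "file", "path": r"C:\Users\alice\AppData\Local\Temp\qzx81.exe"},
    {"type": "net", "proto": "udp", "dst": "167.114.196.17", "port": 6901},
    {"type": "net", "proto": "udp", "dst": "167.114.198.17", "port": 6901},
    {"type": "file", "path": r"C:\Users\alice\Documents\report.docx.a1b2"},
    {"type": "file", "path": r"C:\Users\alice\Documents\^_READ_TO_RE5T0RE_a1b2.txt"},
    {"type": "file", "path": r"C:\Users\alice\Pictures\img.png"},
]
```

Calling `triage(SAMPLE)` ties the note's embedded extension back to `report.docx.a1b2` even though the encrypted file was logged before the note.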
