映像
様々なランサムウェアに対応するAppCheckの事前防御、自動復旧およびリアルタイムバックアップ機能を映像でご確認いただけます。
- Distribution Method : Automatic infection using exploit by visiting website
- MD5 : 336e08f86fffdbc7d3131cdad53c61b8 / d4829f54c127048520312aafe0c9bbaa
- Encrypted File Pattern : .<Random Extension>
- Malicious File Creation Location : C:\Users\Public\readme.txt
- Payment Instrucition File : readme.txt
- Major Characteristics :
- Fileless-based Ransomware
- File encryption using explorer.exe or iexplore.exe system files
- After Encryption, launches event viewer(eventvwr.exe) which automatically connects to open website (pcalua.exe -a http://<random>.dailybe.website/<random>) and opens ransom note (pcalua.exe -a notepad.exe -c C:\Users\Public\readme.txt)