Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Termite Ransomware (.aaaaaa)

  • Distribution Method : Unknown
 
  • MD5 : 48e4a8c42a7e84c8279d1b489dc51023
 
  • Major Detection Name : Ransom.Termite (Malwarebytes), Ransom_TERMITE.THHBIAH (Trend Micro)
 
  • Encrypted File Pattern : .aaaaaa
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Local\Temp\<Number>
     - C:\Users\%UserName%\AppData\Local\Temp\<Number>\TemporaryFile
     - C:\Users\%UserName%\AppData\Local\Temp\<Number>\TemporaryFile\TemporaryFile
     - C:\Users\%UserName%\Desktop\Payment.exe
     - C:\Windows\System32\mswsock.dll
     - C:\Windows\SysWOW64\mswsock.dll
     - C:\Windows\Termite.exe
 
  • Major Characteristics :
     - Offline Encryption
     - The Chinese, English and Japanese users targeted
     - Modifies Microsoft Windows Sockets 2.0 Service Provider (mswsock.dll) and executes ransomware when a application loads the library.
     - When executing .aaaaaa file extension, displays message window (Payment.exe) and runs ransomware (C:\Windows\Termite.exe)

List

위로