Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Termite Ransomware (.∽ (KOR) / .¡ï (EN) / .。 (JPN))

  • Distribution Method : Unknown
 
  • MD5 : 47df0d33af52ef6c8bff8d9173e9be2e
 
  • Major Detection Name : Dropped:Generic.Ransom.Termite.DC1690C8 (BitDefender), Trojan-Ransom.Win32.Encoder.fr (Kaspersky)
 
  • Encrypted File Pattern : .∽ (KOR) / .¡ï (EN) / .。 (JPN)
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Local\Temp\<Number>
     - C:\Users\%UserName%\AppData\Local\Temp\<Number>\TemporaryFile
     - C:\Users\%UserName%\AppData\Local\Temp\<Number>\TemporaryFile\TemporaryFile
     - C:\Users\%UserName%\Desktop\Payment.exe
     - C:\Windows\System32\mswsock.dll
     - C:\Windows\SysWOW64\mswsock.dll
     - C:\Windows\Termite.exe
 
  • Major Characteristics :
     - Offline Encryption
     - The Chinese, English and Japanese users targeted
     - Modifies Microsoft Windows Sockets 2.0 Service Provider (mswsock.dll) and executes ransomware when a application loads the library.
     - When executing .∽ file extension, displays message window (Payment.exe) and runs ransomware (C:\Windows\Termite.exe)

List

위로