Termite Ransomware (.DontNeed$!)

  • Distribution Method : Unknown
 
  • MD5 : 9185ae8f99c797d224ed8424aa711665
 
  • Major Detection Name : Dropped:Generic.Ransom.Termite.DC1690C8 (BitDefender), Ransom.Termite (Malwarebytes)
 
  • Encrypted File Pattern : .DontNeed$!
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Local\Temp\<Number>
     - C:\Users\%UserName%\AppData\Local\Temp\<Number>\TemporaryFile
     - C:\Users\%UserName%\AppData\Local\Temp\<Number>\TemporaryFile\TemporaryFile
     - C:\Users\%UserName%\Desktop\Payment.exe
     - C:\Windows\System32\mswsock.dll
     - C:\Windows\SysWOW64\mswsock.dll
     - C:\Windows\Termite.exe
 
  • Major Characteristics :
     - Offline Encryption
     - Targets Chinese, English and Japanese users
     - Modifies the Microsoft Windows Sockets 2.0 Service Provider (mswsock.dll) so that the ransomware executes when an application loads the library.
     - When a file with the .DontNeed$! extension is executed, displays a message window (Payment.exe) and runs the ransomware (C:\Windows\Termite.exe).
