
Aurora Ransomware (.aurora)

  • Distribution Method : Remote access through Remote Desktop Protocol (RDP) or Terminal Services
 
  • MD5 : 6521474d7db291c609ef515dfb1e8d6a
 
  • Major Detection Name : a variant of Win32/Filecoder.SilentSpring.A (ESET), Ransom.Aurora (Malwarebytes)
 
  • Encrypted File Pattern : .aurora
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\!-GET_MY_FILES-!.txt
     - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\#RECOVERY-PC#.txt
     - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\@_RESTORE-FILES_@.txt
 
  • Payment Instruction File : !-GET_MY_FILES-!.txt / #RECOVERY-PC#.txt / @_RESTORE-FILES_@.txt
 
  • Major Characteristics : Changes desktop background (wall.i)
