Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

BlackPink Ransomware (.BlackPink)

  • Distribution Method : Unknown
 
  • MD5 : ded387d7e5dbceeb11471561b2fdd262
 
  • Encrypted File Pattern : .BlackPink
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\_hashlib.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\bz2.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\Crypto.Cipher._AES.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\Crypto.Hash._SHA256.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\Crypto.Random.OSRNG.winrandom.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\Crypto.Util._counter.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\main.exe.manifest
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\Microsoft.VC90.CRT.manifest
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\msvcm90.dll
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\msvcp90.dll
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\msvcr90.dll
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\python27.dll
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\select.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\unicodedata.pyd
 
  • Payment Instruction File : how_to_recver_files.txt
 
  • Major Characteristics :
     - Offline Encryption
     - Python-based Ransomware
     - Developed by a Korean

List

위로