Noblis Ransomware (.noblis)

  • Distribution Method : Unknown
 
  • MD5 : 3beee8d7f55cd8298fcb009aa6ef6aae
 
  • Major Detection Name : Python/Filecoder.AC (ESET), Ransom_NOBLIS.A (Trend Micro)
 
  • Encrypted File Pattern : .noblis
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\Include
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\Include\pyconfig.h
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\_hashlib.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\_socket.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\_ssl.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\bitcoin.bmp
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\bz2.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\Crypto.Cipher._AES.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\Crypto.Cipher._DES.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\Crypto.Cipher._DES3.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\Crypto.Hash._SHA256.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\Crypto.Random.OSRNG.winrandom.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\Crypto.Util._counter.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\Crypto.Util.strxor.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\lock.bmp
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\lock.ico
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\Main.exe.manifest
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\Microsoft.VC90.CRT.manifest
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\msvcm90.dll
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\msvcp90.dll
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\msvcr90.dll
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\pyexpat.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\python27.dll
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\pywintypes27.dll
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\runtime.cfg
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\select.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\unicodedata.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\win32api.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\win32event.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\win32file.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\wx._controls_.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\wx._core_.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\wx._gdi_.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\wx._misc_.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\wx._windows_.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\wx._xrc.pyd
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\wxbase30u_net_vc90.dll
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\wxbase30u_vc90.dll
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\wxbase30u_xml_vc90.dll
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\wxmsw30u_adv_vc90.dll
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\wxmsw30u_core_vc90.dll
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\wxmsw30u_html_vc90.dll
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Number>\wxmsw30u_xrc_vc90.dll
 
  • Major Characteristics :
     - Offline Encryption
     - Cyclone Ransomware series
     - Python-based Ransomware
     - Targets Spanish users
