Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Maze Ransomware (.<4~7-Digit Random Extension>)

  • Distribution Method : Automatic infection using exploit by visiting website
 
  • MD5 : d444509ad9103c7b53886c25f7a0db7d
 
  • Encrypted File Pattern : .<4~7-Digit Random Extension>
 
  • Malicious File Creation Location :
     - C:\ProgramData\foo.db
     - C:\Users\%UserName%\AppData\LocalLow\<Random>.tmp
     - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT-FILES.html
 
  • Payment Instruction File : DECRYPT-FILES.html
 
  • Major Characteristics :
 - Offline Encryption
 - ChaCha Ransomware series
 - Disable system restore ("C:\ggya\sgq\..\..\Windows\vteue\y\j\..\..\..\system32\is\..\wbem\n\wyhxw\ih\..\..\..\wmic.exe" shadowcopy delete)
 - Encryption guide using Text-to-Speech (TTS) function
 - Changes desktop background (C:\Users\%UserName%\AppData\Local\Temp\123456789.bmp)

List

위로