映像

様々なランサムウェアに対応するAppCheckの事前防御、自動復旧およびリアルタイムバックアップ機能を映像でご確認いただけます。

  • Distribution Method : Installation via DanaBot malware
 
  • MD5 : e48067d2ad6adcbf2e4cf7e705d4bd82
 
  • Major Detection Name : Trojan:Win32/Danabot.K (Microsoft), Ransom_CryFile.R03FC0WDU19 (Trend Micro)
 
  • Encrypted File Pattern : .non
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Local\Temp\b.bat
     - C:\Users\%UserName%\AppData\Local\Temp\svchost.exe
 
  • Payment Instruction File : HowToBackFiles.txt
 
  • Major Characteristics :
     - Offline Encryption
     - Blitzkrieg Ransomware series
     - Disable Windows Defender (DisableAntiSpyware)
     - Stop multi services (mssqlfdlauncher, mssqlserver, mysql, sqlwriter, TeamViewer, wuauserv etc.)
     - Block processes execution (armsvc.exe, IAStorDataMgrSvc.exe, isa.exe, jusched.exe, tv_x64.exe, Veam.EndPoint.Tray.exe etc.)
     - Disable system restore (Disable-ComputerRestore "<Drive Letter>:\", vssadmin delete shadows /all)
     - Deletes event log (Clear-EventLog "Windows PowerShell")
     - Empty the trash (Clear-RecycleBin -Confirm:$false)

リスト

위로