Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

CyberSplitter Ransomware (.Indonesia)

  • Distribution Method : Unknown
 
  • MD5 : 0c251781c324eb0022bf5b39ed33c2df
 
  • Major Detection Name : Gen:Heur.Ransom.HiddenTears.1 (BitDefender), MSIL/Nystprac.A!tr.ransom (Fortinet)
 
  • Encrypted File Pattern : .Indonesia
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Local\Temp\3582-490
     - C:\Users\%UserName%\AppData\Local\Temp\3582-490\Tempexplorer.exe
     - C:\Users\%UserName%\AppData\Local\Temp\3582-490\TempexplorerSrv.exe
     - C:\Users\%UserName%\AppData\Local\Temp\3582-490\TempexplorerSrvSrv.exe
     - C:\Users\%UserName%\AppData\Local\Temp\<Random>.tmp
     - C:\Users\%UserName%\AppData\Local\Temp\<Random>.tmp\splitterrypted.vbs
     - C:\Users\%UserName%\AppData\Local\Temp\<Random>.tmp\spwak.vbs
     - C:\Users\%UserName%\AppData\Local\Tempexplorer.exe
     - C:\Users\%UserName%\AppData\Local\Tempspwak.exe
     - C:\Users\%UserName%\Microsoft
     - C:\Users\%UserName%\Microsoft\DesktopLayer.exe
     - C:\Users\%UserName%\Microsoft\DesktopLayerSrv.exe
     - <Drive Letter>:\autorun.inf
     - <Drive Letter>:\bot.exe
     - <Drive Letter>:\SpLiTTer.Exe
 
  • Major Characteristics :
     - Offline Encryption
     - Cyborg Ransomware series
     - Encryption guide using Text-to-Speech (TTS) function

List

위로