Hansom Ransomware (.hansom)

  • Distribution Method : Unknown
 
  • MD5 : 5384e1ab95d2cbac7e4cd5b781ad2520
 
  • Encrypted File Pattern : .hansom
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Local\Private.hansomkey
     - C:\Users\%UserName%\AppData\Local\Public.hansomkey
     - C:\Users\%UserName%\AppData\Roaming\StSess.exe
     - C:\Users\%UserName%\Desktop\Hansom_Sample
     - C:\Users\%UserName%\Desktop\Hansom_Sample\sample.docx.hansom
     - C:\Users\%UserName%\Desktop\Hansom_Sample\sample.jpg.hansom
     - C:\Users\%UserName%\Desktop\Hansom_Sample\sample.pdf.hansom
     - C:\Users\%UserName%\Desktop\Hansom_Sample\sample.zip.hansom
     - C:\Users\%UserName%\Desktop\Hansom Decryptor.exe
     - C:\Users\%UserName%\Desktop\Private.hansomkey
 
  • Payment Instruction File : HANSOM_README.txt
 
  • Major Characteristics :
     - Offline Encryption
     - Blocks process execution (agntsvc.exe, dbsnmp.exe, msftesql.exe, oracle.exe, sqlagent.exe, synctime.exe, etc.)
     - Changes desktop background (C:\Users\Public\Pictures\hansom.jpg)
