
Aurora Ransomware (<Random Filename>.desu / @_DECRYPT_@.txt)

  • Distribution Method : Unknown
 
  • MD5 : c7676add400e38ff70b48fae5cb42b4f
 
  • Major Detection Name : DeepScan:Generic.Ransom.Animus.5D33661B (BitDefender), Ransom_AURORA.THGCAAH (Trend Micro)
 
  • Encrypted File Pattern : <Random Filename>.desu
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\@_DECRYPT_@.txt
     - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\@_DECRYPT2_@.txt
     - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\@_DECRYPT3_@.txt
 
  • Payment Instruction File : @_DECRYPT_@.txt / @_DECRYPT2_@.txt / @_DECRYPT3_@.txt
 
  • Major Characteristics :
     - Offline Encryption
     - Animus Locker / RickRoll Locker Ransomware series
     - Blocks execution of processes (agntsvc.exe, dbeng50.exe, excel.exe, isqlplussvc.exe, mysqld.exe, oracle.exe, etc.)
