Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Unknown
 
  • MD5 : 2cc4534b0dd0e1c8d5b89644274a10c1
 
  • Major Detection Name : Trojan/Win32.WastedLocker.R345840 (AhnLab V3), Trojan-Ransom.Win32.Wasted.d (Kaspersky)
 
  • Encrypted File Pattern : .garminwasted
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Roaming\<Random>
     - C:\Users\%UserName%\AppData\Roaming\<Random>:bin
     - C:\Users\%UserName%\AppData\Roaming\<Random>
     - C:\Users\%UserName%\AppData\Roaming\<Random>:bin
     - C:\Windows\SysWOW64\<Random>.exe
     - C:\Windows\Temp\lck.log
 
  • Payment Instruction File : <Original Filename>.<Original Extension>.garminwasted_info
 
  • Major Characteristics :
     - Offline Encryption
     - Use an OTRBXJVNJJOIXXBVFO Digital Signatures
     - Create an ADS (Alternate Data Stream) file and encrypt the files.
     - Register ransomware malicious file as a service (C:\Windows\SysWOW64\<Random>.exe -s)
     - Disable system restore (vssadmin.exe Delete Shadows /All /Quiet)

List

위로