Satan v2.0 Ransomware (.satan / ReadMe.TXT)

  • Distribution Method : Unknown
 
  • MD5 : 2031e5725714aa67c262237dbe38d96e
 
  • Major Detection Name : Trojan-Ransom.Win32.Gen.gif (Kaspersky), Ransom.Satan (Norton)
 
  • Encrypted File Pattern : .satan
 
  • Malicious File Creation Location :
     - C:\ST_V2
     - C:\ST_V2\St_V2.exe
     - C:\Windows\client.exe
     - C:\ReadMe.TXT
 
  • Payment Instruction File : ReadMe.TXT
 
  • Major Characteristics :
     - Offline Encryption
     - DBGer / Lucky Ransomware series
     - Chinese, English and Korean users are targeted.
     - Blocks process execution (fdhost.exe, fdlauncher.exe, mysqld.exe, nmesrvc.exe, sqlagent.exe, sqlservr.exe, etc.)
     - The icon of encrypted files (.satan) is changed, and when such a file is executed, the ransomware file (C:\ST_V2\St_V2.exe) is executed.
