- Distribution Method : Unknown
- MD5 : 84c1567969b86089cc33dccf41562bcd
- Major Detection Name : Ransomware/Win.DarkSide.R424199 (AhnLab V3), Win32:DarkSide-C [Ransom] (Avast)
- Encrypted File Pattern : .<8-Digit Random Extension>
- Malicious File Creation Location : C:\ProgramData\<Encryption Extension>.ico
- Payment Instruction File : README.<Encryption Extension>.TXT
- Major Characteristics :
  - Offline encryption
  - Changes encrypted file (.<8-Digit Random Extension>) icon (HKEY_CLASSES_ROOT\<8-Digit Random Extension>\DefaultIcon)
  - Blocks process execution (dbsnmp, oracle, TeamViewer.exe, vmcompute.exe, vmms.exe, vmwp.exe, etc.)
  - Stops multiple services (agntsvc, encsvc, GxVss, isqlplussvc, mydesktopservice, sqbcoreservice, etc.)
  - Changes desktop background (C:\ProgramData\<Encryption Extension>.BMP)