  • Distribution Method : Unknown
 
  • MD5 : f1a349d50238a8b141a9d75de2354354
 
  • Major Detection Name : Ransom:Win32/FileCryptor (Microsoft), Ransom_CRPTX.A (Trend Micro)
 
  • Encrypted File Pattern : .crptxxx
 
  • Malicious File Creation Location :
         - C:\Users\%UserName%\AppData\Roaming\mtrea.exe (file encryption)
         - C:\Users\%UserName%\AppData\Roaming\binar\zip\binz.exe
         - C:\Users\%UserName%\AppData\Roaming\binar\zip\tor.exe
         - C:\Users\%UserName%\AppData\Roaming\binar\zip\tr2web.exe
         - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\decrypt.txt
 
  • Payment Instruction File : decrypt.txt / HOW_TO_FIX_!.txt
 
  • Major Characteristics : BTCWare ransomware family; operates by creating and running Tor components (tr2web.exe → tor.exe) for C&C server communication
