Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Unknown
 
  • MD5 : e6c8a5bf47683b9a274157b089a31976
 
  • Encrypted File Pattern : .wiot
 
  • Malicious File Creation Location :
     - C:\SystemID
     - C:\SystemID\PersonalID.txt
     - C:\Users\%UserName%\AppData\Local\<Random>-<Random>-<Random>-<Random>-<Random>
     - C:\Users\%UserName%\AppData\Local\<Random>-<Random>-<Random>-<Random>-<Random>\build3.exe
     - C:\Users\%UserName%\AppData\Local\<Random>-<Random>-<Random>-<Random>-<Random>\<Random>.exe
     - C:\Users\%UserName%\AppData\Local\bowsakkdestx.txt
     - C:\Users\%UserName%\AppData\Roaming\Microsoft\Network\mstsca.exe
     - C:\Windows\System32\Tasks\Azure-Update-Task
     - C:\Windows\System32\Tasks\Time Trigger Task
 
  • Payment Instruction File : _readme.txt
 
  • Major Characteristics :
     - Offline Encryption
     - Reruns by adding "Time Trigger Task" in Task Scheduler to run "%LocalAppData%\<Random>-<Random>-<Random>-<Random>-<Random>\<Random>.exe --Task" for every 5 minutes.
     - Generates additional AZORult malware (Info stealer)

List

위로