Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Unknown
 
  • MD5 : d51219cf32609e92b3302ae7fefc9af3
 
  • Major Detection Name : TR/Ransom.Xorist.EJ (Avira), W32/Xorist.LN!tr (Fortinet)
 
  • Encrypted File Pattern : .8329892832982983982
 
  • Malicious File Creation Location :
     - C:\Program Files\Joiner
     - C:\Program Files\Joiner\112.exe
     - C:\Users\%UserName%\AppData\Local\Temp\34e6G4iU296A8ON.exe
 
  • Payment Instruction File : КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt
 
  • Major Characteristics :
     - Offline Encryption
     - Boom / Xorist-Frozen Ransomware series
     - The Russian users are targeted.
     - Turns off User Access Control (UAC)
     - When the encrypted file (.8329892832982983982) icon is changed (HKEY_CLASSES_ROOT\TLYLSISCSUKVTXE) and the ransomware file (%Temp%\34e6G4iU296A8ON.exe) is executed.

List

위로