
  • Distribution Method : Unknown
 
  • MD5 : 8792587ae79817109a39bf5f0b67ec93
 
  • Major Detection Name : Generic.Ransom.Hiddentear.A.59E0123B (BitDefender), Ransom.HiddenTear (Malwarebytes)
 
  • Encrypted File Pattern : .gоod
 
  • Malicious File Creation Location :
     - C:\Windows\System32\info.hta
     - C:\Windows\System32\pubby.txt
     - C:\Windows\System32\sec.txt
 
  • Payment Instruction File : HOW_TO_RECOVER_FILES.txt / info.hta
 
  • Major Characteristics :
     - Offline Encryption
     - Based on the EDA2 open-source ransomware
     - Blocks execution of processes (msftesql, mysqld, oracle, postgres, sqlservr, sqlwriter, etc.)
     - Disable system restore (wmic SHADOWCOPY DELETE, vssadmin Delete Shadows /All /Quiet)
