映像

様々なランサムウェアに対応するAppCheckの事前防御、自動復旧およびリアルタイムバックアップ機能を映像でご確認いただけます。

  • Distribution Method : Remote access through Remote Desktop Protocol(RDP) or Terminal Services
 
  • MD5 : f2747a4af2720fcd0370598d97dad49e
 
  • Major Detection Name : Ransomware/Win.Generic.R474761 (AhnLab V3), Win32:DropperX-gen [Drp] (Avast)
 
  • Encrypted File Pattern : .avast
 
  • Malicious File Creation Location : C:\Users\%UserName%\AppData\Local\Temp\<Random>.bat
 
  • Payment Instruction File : HOW TO RECOVER !!.TXT / RECOVERY INFORMATION.txt
 
  • Major Characteristics :
     - Mallox Ransomware series
     - Block processes execution (EXCEL.EXE, fdlauncher.exe, MsDtsSrvr.exe, SageCSClient.exe, sqlagentc.exe, U8WorkerService.exe etc.)
     - Stop multi services (MsDtsServer100, MSSQLServerADHelper100, NetBackup Discovery Framework, postgresql-x64-9.4, ReportServer$SHOPCONTROL9, SQLSERVERAGENT etc.)
     - Delete multi services (AHS SERVICE, eCard-TTransServer, SQLSERVERAGENT, VirboxWebServer, WebAttendServer, XT800Service_Personal etc.)
     - Disable multi services (sc config "MsDtsServer130" start= disabled, sc config "MSSQLFDLauncher" start= disabled, sc config "SQLBrowser" start= disabled, sc config "SQLSERVERAGENT" start= disabled, sc config "SQLTELEMETRY" start= disabled, sc config "SSISTELEMETRY130" start= disabled etc.)
     - Disable system restore (vssadmin.exe delete shadows /all /quiet, bcdedit /set {current} bootstatuspolicy ignoreallfailures, bcdedit /set {current} recoveryenabled no)

リスト

위로