- Distribution Method : Mail attachment (.js)
- MD5 : 4b9d37943da617c47367c7a14d568933
- Major Detection Name : Trojan/Win32.Cerber.R199632 (AhnLab V3), Trojan-Ransom.Win32.Zerber.eagu (Kaspersky)
- Encrypted File Pattern : <Random Filename>.<4 Digits Random Extension>
- Malicious File Creation Location : C:\Users\%UserName%\AppData\Local\Temp\<Random>.exe
- Payment Instruction File : _READ_THIS_FILE_<Random>_.hta / _READ_THIS_FILE_<Random>_.txt
- Major Characteristics : Offline encryption. Encryption starts from offset 0x700 in target files. Encryption targets user-created folders in C drive root / Documents / Desktop / other partitions / USB drives. Creates the payment instruction file in 13 languages, including English.