CRBR Encryptor Ransomware (<Random Filename>.<4 Digits Random Extension>) - 映像 - チェックマル

映像

様々なランサムウェアに対応するAppCheckの事前防御、自動復旧およびリアルタイムバックアップ機能を映像でご確認いただけます。

Distribution Method : Automatic infection using exploit by visiting website + Mail attachment (.js)

MD5 : 8e9080262723020463638de9db275baa

Major Detection Name : Win-Trojan/VBKrypt.RP (AhnLab V3), Mal/FareitVB-M (Sophos)

Encrypted File Pattern : <Random Filename>.<4 Digits Random Extension>

Malicious File Creation Location : C:\Users\%UserName%\AppData\Local\Temp\<Random>.exe

Payment Instruction File : _R_E_A_D___T_H_I_S___<Random>_.hta / _R_E_A_D___T_H_I_S___<Random>_.txt

Major Characteristics :
- Offline Encryption
- Cerber Ransomware series
- Target files encrypted starting from offset 0x708
- Generates payment instrucition files in 13 languages including Korean and English
- Changes desktop background (C:\Users\%UserName%\AppData\Local\Temp\tmp<Random>.bmp)