Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Access using Remote Desktop Protocol (RDP) or a remote program.
 
  • MD5 : 44012313e07e00db25f783a230327c60
 
  • Encrypted File Pattern : .[<Random>].[dungy@onionmail.org].mkp
 
  • Malicious File Creation Location : C:\Users\%UserName%\Desktop\+README-WARNING+.txt
 
  • Message File : +README-WARNING+.txt
 
  • Major Characteristics :
     - Offline Encryption
     - Block processes execution. (fdlauncher.exe, MsDtsSrvr.exe, msftesql.exe, OneDrive.exe, postgres.exe, sqlwriter.exe etc.)
     - Disable system restore. (vssadmin delete shadows /all /quiet, wbadmin delete catalog -quiet, wmic shadowcopy delete)
     - Changes desktop background. (C:\Users\%UserName%\AppData\Local\Temp\<Random>.tmp.bmp)

List

위로