Video

Watch the video to see AppCheck's proactive defense, automatic recovery, and real-time backup features, which handle a wide range of ransomware.

  • Distribution Method : Unknown
 
  • MD5 : 2f30173e81134dc8f490099dc78c780a
 
  • Major Detection Name : Ransom.LambdaLocker (Malwarebytes), Ransom_LAMBDALOCKER.C (Trend Micro)
 
  • Encrypted File Pattern : .MyChemicalRomance4EVER
 
  • Malicious File Creation Location :
         - C:\Users\Public\systern.exe
         - C:\Users\%UserName%\AppData\Local\VirtualStore\!UNLOCK_guiDE.tXT
         - C:\Users\%UserName%\Desktop\UNLOCK_guiDE.lnk
         - C:\!UNLOCK_guiDE.tXT
 
  • Payment Instruction File : !UNLOCK_guiDE.tXT
 
  • Major Characteristics :
         - Offline Encryption
         - Python-based Ransomware
         - Targets Chinese users
         - Stops multiple services (sc stop apache2.4, sc stop MariaDB, sc stop MongoDB, sc stop mssqlserver, sc stop mysql, sc stop nginx, sc stop OracleServiceORCL, sc stop postgresql)
         - Blocks process execution (apache*, httpd.exe, java.exe, nginx*, tomcat*)
