Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Mail attachment (.js)
 
  • MD5 : c0306554fda888e1006cf60b31dddd8c
 
  • Major Detection Name : Trojan/Win32.Xorist.R25524 (AhnLab V3), Ransom_XORIST.SMA (Trend Micro)
 
  • Encrypted File Pattern : .<Original Extension>....PAY_IN_MAXIM_24_HOURS_OR_ALL_YOUR_FILES_WILL_BE_PERMANENTLY_DELETED_PLEASE_BE_REZONABLE_you_have_only_1_single_chance_to_make_the_payment
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Local\Temp\<Random>.exe
     - C:\Users\%UserName%\AppData\Local\TempcNH67.eXe
     - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt
 
  • Payment Instruction File : HOW TO DECRYPT FILES.txt
 
  • Major Characteristics :
     - Offline Encryption
     - Xorist Ransomware series

List

위로