+- Geeks for your information (https://www.geeks.fyi)
+-- Forum: Security (https://www.geeks.fyi/forumdisplay.php?fid=68)
+--- Forum: Security Vendors (https://www.geeks.fyi/forumdisplay.php?fid=87)
+---- Forum: CheckMAL (https://www.geeks.fyi/forumdisplay.php?fid=96)
+----- Forum: CheckMAL Videos (https://www.geeks.fyi/forumdisplay.php?fid=161)
+----- Thread: Redeemer Ransomware (.redeem) (/showthread.php?tid=20530)
Redeemer Ransomware (.redeem) - jasonX - 27 January 25
Redeemer Ransomware (.redeem) (2025. 01. 17. 456)
AppCheck Anti-Ransomware : Redeemer Ransomware (.redeem) Block Video
Distribution Method : Unknown
MD5 : e37a0ece30267233f1dddf3c2300393f
Major Detection Name : Ransom:Win32/Redeemer.MK!MTB (Microsoft), Ransom.Win32.REDEEM.YXBLV (Trend Micro)
Encrypted File Pattern : .redeem
Malicious File Creation Location :
- C:\Windows\ProgramData
- C:\Windows\ProgramData\calc.exe
- C:\Windows\SQL
- C:\Windows\SQL\taskhost.exe
- C:\Windows\SQL\rem.bat
- C:\Windows\svchost
- C:\Windows\svchost\conhost.exe
Payment Instruction File : Read Me.TXT
Major Characteristics :
- Offline Encryption
- Disable system restore (vssadmin delete shadows /All /Quiet)
- Deletes event log (wevtutil clear-log Application, wevtutil clear-log Security, wevtutil clear-log Setup, wevtutil clear-log System)
More Info HERE
Content lifted from CheckMAL site with permission