+- Geeks for your information (https://www.geeks.fyi)
+-- Forum: Security (https://www.geeks.fyi/forumdisplay.php?fid=68)
+--- Forum: Security Vendors (https://www.geeks.fyi/forumdisplay.php?fid=87)
+---- Forum: CheckMAL (https://www.geeks.fyi/forumdisplay.php?fid=96)
+----- Forum: CheckMAL Videos (https://www.geeks.fyi/forumdisplay.php?fid=161)
+----- Thread: Lilith Ransomware (.lilith) (/showthread.php?tid=20531)
Lilith Ransomware (.lilith) - jasonX - 27 January 25
Lilith Ransomware (.lilith) (2025. 01. 04. 660)
AppCheck Anti-Ransomware : Lilith Ransomware (.lilith) Block Video
Distribution Method : Unknown
MD5 : b7a182db3ba75e737f75bda1bc76331a
Major Detection Name : Ransomware/Win.LILITHCRYPT.C5205307 (AhnLab V3), Trojan.Ransom.Lilith.B (BitDefender)
Encrypted File Pattern : .lilith
Payment Instruction File : Restore_Your_Files.txt
Major Characteristics :
- Offline Encryption
- Recovery Partition (M:\) + EFI System Partition (N:\) drives are activate.
- Block processes execution (agntsvc.exe, dbsnmp.exe, ocssd.exe, oracle.exe, sql.exe, synctime.exe etc.)
More Info HERE
Content lifted from CheckMAL site with permission