Redeemer Ransomware (.redeem)
(2025. 01. 17. 456)
 
AppCheck Anti-Ransomware : Redeemer Ransomware (.redeem) Block Video


Distribution Method : Unknown
 
MD5 : e37a0ece30267233f1dddf3c2300393f
 
Major Detection Name : Ransom:Win32/Redeemer.MK!MTB (Microsoft), Ransom.Win32.REDEEM.YXBLV (Trend Micro)
 
Encrypted File Pattern : .redeem
 
Malicious File Creation Location :
 
  • C:\Windows\ProgramData
  • C:\Windows\ProgramData\calc.exe
  • C:\Windows\SQL
  • C:\Windows\SQL\taskhost.exe
  • C:\Windows\SQL\rem.bat
  • C:\Windows\svchost
  • C:\Windows\svchost\conhost.exe


Payment Instruction File : Read Me.TXT
 
Major Characteristics :
 
  • Offline Encryption
  • Disable system restore (vssadmin delete shadows /All /Quiet)
  • Deletes event log (wevtutil clear-log Application, wevtutil clear-log Security, wevtutil clear-log Setup, wevtutil clear-log System)


More Info HERE

Content lifted from CheckMAL site with permission
[-] The following 1 user says Thank You to jasonX for this post:
  • harlan4096
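As an added example that is not part of the post above and not code from CheckMAL or AppCheck, the script below turns the listed indicators (dropped-file paths, MD5, `.redeem` extension, ransom note name) and behaviours (`vssadmin delete shadows`, `wevtutil clear-log`) into a small triage check run over constructed Sysmon-style process-create and file-create records. The record layout, field names and sample events are assumptions made for the illustration; the `wevtutil` rule also accepts the `cl` alias, which the post does not mention, because it is equivalent on a real host.

```python
"""Triage check for the Redeemer (.redeem) indicators and behaviours.

Added example, not CheckMAL's or AppCheck's code. The event dict layout
below (type / cmdline / md5 / path) is an assumption made for this
illustration, loosely modelled on Sysmon event ID 1 and event ID 11.
"""
import re
from dataclasses import dataclass

# Indicators quoted from the post.
REDEEMER_MD5 = "e37a0ece30267233f1dddf3c2300393f"
ENCRYPTED_EXT = ".redeem"
RANSOM_NOTE = "read me.txt"          # compared case-insensitively
DROP_PATHS = {
    r"c:\windows\programdata\calc.exe",
    r"c:\windows\sql\taskhost.exe",
    r"c:\windows\sql\rem.bat",
    r"c:\windows\svchost\conhost.exe",
}

# Behaviours quoted from the post: shadow-copy deletion and event-log clearing.
# 'cl' is wevtutil's documented short form of 'clear-log' (added here as an assumption).
SHADOW_DELETE = re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b", re.I)
LOG_CLEAR = re.compile(
    r"\bwevtutil(?:\.exe)?\b.*\b(?:cl|clear-log)\s+(application|security|setup|system)\b",
    re.I,
)


@dataclass(frozen=True)
class Finding:
    rule: str
    evidence: str


def check_process(cmdline: str, image_md5: str = "") -> list[Finding]:
    """Flag a process-creation record by image hash or by command line."""
    findings = []
    if image_md5.lower() == REDEEMER_MD5:
        findings.append(Finding("redeemer_hash", image_md5))
    if SHADOW_DELETE.search(cmdline):
        findings.append(Finding("shadow_copy_deletion", cmdline))
    m = LOG_CLEAR.search(cmdline)
    if m:
        findings.append(Finding("eventlog_clear:" + m.group(1).lower(), cmdline))
    return findings


def check_file(path: str) -> list[Finding]:
    """Flag a file-creation record: dropped payload, ransom note or encrypted file."""
    p = path.lower()
    findings = []
    if p in DROP_PATHS:
        findings.append(Finding("redeemer_dropped_file", path))
    if p.rsplit("\\", 1)[-1] == RANSOM_NOTE:
        findings.append(Finding("ransom_note", path))
    if p.endswith(ENCRYPTED_EXT):
        findings.append(Finding("encrypted_file", path))
    return findings


def triage(events: list[dict]) -> list[Finding]:
    """Run every record through the matching check and collect findings in order."""
    findings = []
    for ev in events:
        if ev["type"] == "process":
            findings.extend(check_process(ev["cmdline"], ev.get("md5", "")))
        elif ev["type"] == "file":
            findings.extend(check_file(ev["path"]))
    return findings


# Constructed sample telemetry (not real logs) in the assumed record layout.
SAMPLE_EVENTS = [
    {"type": "process", "cmdline": r"C:\Windows\SQL\taskhost.exe", "md5": REDEEMER_MD5},
    {"type": "file", "path": r"C:\Windows\SQL\rem.bat"},
    {"type": "process", "cmdline": "vssadmin delete shadows /All /Quiet"},
    {"type": "process", "cmdline": "wevtutil clear-log Security"},
    {"type": "process", "cmdline": "wevtutil cl System"},
    {"type": "file", "path": r"C:\Users\victim\Documents\report.docx.redeem"},
    {"type": "file", "path": r"C:\Users\victim\Desktop\Read Me.TXT"},
    {"type": "process", "cmdline": "vssadmin list shadows"},  # benign: must not fire
]


def rule_names(events: list[dict] = SAMPLE_EVENTS) -> list[str]:
    """Rule names fired over the events, in record order."""
    return [f.rule for f in triage(events)]


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.rule:<24} {f.evidence}")
```

The benign `vssadmin list shadows` record is included deliberately: a rule keyed on `vssadmin` alone would page on backup and administration tooling, so the pattern requires the `delete shadows` verb. On a real host the same logic would be fed from Sysmon or 4688/4663 events rather than the inline list.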