Geeks for your information Security Security Vendors CheckMAL CheckMAL Videos
AstraLocker v2.0 Ransomware (.AstraLocker)
AstraLocker v2.0 Ransomware (.AstraLocker)
jasonX Offline
Administrator
*******
Posts: 2,102
Threads: 526
Thanks Received: 7,137 in 2,076 posts
Thanks Given: 1,808
Joined: 14 August 18
#1
27 January 25, 09:19 (This post was last modified: 27 January 25, 09:20 by jasonX.)
AstraLocker v2.0 Ransomware (.AstraLocker) (2025. 01. 18. 434)
 
AppCheck Anti-Ransomware : AstraLocker v2.0 Ransomware (.AstraLocker) Block Video


Distribution Method : Unknown
 
MD5 : 8db7d5fb5cbdfc0731978261639f01a6
 
Major Detection Name : Ransom:Win32/Babuk.MAK!MTB (Microsoft), Ransom.Win32.BABUK.SMRD1 (Trend Micro)
 
Encrypted File Pattern : .AstraLocker
 
Payment Instruction File : Recover_Your_Files.html
 
Major Characteristics :
 
  • Offline Encryption
  • Babuk Locker / ChiChi Locker / DARKY LOCK / Delta Plus / Pandora / RA Group / Rook Ransomware series
  • Recovery Partition (M:\) + EFI System Partition (N:\) drives are activate.
  • Block processes execution (excel.exe, firefox.exe, oracle.exe, sql.exe, synctime.exe, thebat.exe etc.)
  • Stop multi services (backup, DefWatch, GxFWD, QBFCService, sophos, veeam etc.)
  • Disable system restore (vssadmin.exe delete shadows /all /quiet)




More Info HERE

Content lifted from CheckMAL site with permission
[-] The following 1 user says Thank You to jasonX for this post:
  • harlan4096
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
K-Lite Codec Pack 19.5.5 / 19.5.9 Update
Changes in 19.5.5:...harlan4096 — 09:15
PowerToys 0.98.0
Release v0.98.0 ...harlan4096 — 09:13
Sumatra PDF 3.6.0
Sumatra PDF 3.6.0 ...harlan4096 — 09:09
Adlice Protect (formerly RogueKiller) 16...
V16.6.0 03/17/2026...harlan4096 — 09:07
PatchMyPC 5.4.3.1
Version 5.4.3.1 is...harlan4096 — 09:05

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
avatar (44)gapedDow
avatar (38)snorydar
avatar (43)Hectorvot
avatar (51)knowhanPluts
avatar (39)Williamengiz
avatar (46)qaqapeti
avatar (44)battsourIonix
avatar (43)CedricSek
avatar (38)Charlesfibre
avatar (43)artmaGoork

[-]
Online Staff
There are no staff members currently online.

>