27 January 25, 09:22
Redeemer Ransomware (.redeem) (2025. 01. 17. 456)
AppCheck Anti-Ransomware : Redeemer Ransomware (.redeem) Block Video
Distribution Method : Unknown
MD5 : e37a0ece30267233f1dddf3c2300393f
Major Detection Name : Ransom:Win32/Redeemer.MK!MTB (Microsoft), Ransom.Win32.REDEEM.YXBLV (Trend Micro)
Encrypted File Pattern : .redeem
Malicious File Creation Location :
- C:\Windows\ProgramData
- C:\Windows\ProgramData\calc.exe
- C:\Windows\SQL
- C:\Windows\SQL\taskhost.exe
- C:\Windows\SQL\rem.bat
- C:\Windows\svchost
- C:\Windows\svchost\conhost.exe
Payment Instruction File : Read Me.TXT
Major Characteristics :
- Offline Encryption
- Disable system restore (vssadmin delete shadows /All /Quiet)
- Deletes event log (wevtutil clear-log Application, wevtutil clear-log Security, wevtutil clear-log Setup, wevtutil clear-log System)
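The shadow-copy deletion and event-log clearing commands listed above, together with the drop locations, can be checked directly against process-creation telemetry. The following is an added example for illustration, not code from CheckMAL or the page: the log events are constructed, and matching the `wevtutil cl` short form as well as `clear-log` is an assumption that generalizes beyond the spelling shown above.

```python
import re

# Constructed sample process-creation events (not taken from the page), shaped like
# the image/command-line pair a Sysmon Event ID 1 or Security 4688 collector emits.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\vssadmin.exe", "cmd": "vssadmin delete shadows /All /Quiet"},
    {"image": r"C:\Windows\System32\wevtutil.exe", "cmd": "wevtutil clear-log Security"},
    {"image": r"C:\Windows\SQL\taskhost.exe", "cmd": r"C:\Windows\SQL\taskhost.exe"},
    {"image": r"C:\Windows\System32\notepad.exe", "cmd": "notepad.exe Read Me.TXT"},
    {"image": r"C:\Windows\System32\wevtutil.exe", "cmd": "wevtutil qe Application /c:5"},
]

# Command-line patterns for the two behaviours named in the summary.
# "cl" is wevtutil's short alias for clear-log (assumption: both spellings matter).
RULES = [
    ("shadow_copy_deletion", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("event_log_clearing", re.compile(r"wevtutil(\.exe)?\s+(cl|clear-log)\b", re.I)),
]

# File paths from the summary: system-binary names dropped outside System32.
DROP_PATHS = {
    p.lower()
    for p in (
        r"C:\Windows\ProgramData\calc.exe",
        r"C:\Windows\SQL\taskhost.exe",
        r"C:\Windows\SQL\rem.bat",
        r"C:\Windows\svchost\conhost.exe",
    )
}


def detect(events):
    """Return (rule_name, evidence) tuples for every event matching a rule."""
    hits = []
    for ev in events:
        for name, pattern in RULES:
            if pattern.search(ev["cmd"]):
                hits.append((name, ev["cmd"]))
        if ev["image"].lower() in DROP_PATHS:
            hits.append(("known_drop_location", ev["image"]))
    return hits


if __name__ == "__main__":
    for rule, evidence in detect(SAMPLE_EVENTS):
        print(f"{rule}: {evidence}")
```

Querying a log with `wevtutil qe` and opening the ransom note in Notepad produce no hit, so the rules fire only on the destructive commands and the listed drop paths.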
More Info HERE
Content lifted from CheckMAL site with permission