RansomComponent
Small (100KB) PE32 ransomware component. vssadmin Delete Shadows /all /quiet (shadow copy destruction). vssadmin resize shadowstorage (backup prevention). net stop x5 (service kill). taskkill /IM msaess.exe (McAfee Agent). CreateRemoteThread injection.
Threat Profile
Type: Ransomware
Programming Language: C/C++
C2 Protocol: Local
First Seen: 2024
Targets
Global
Purpose / Capabilities
- Shadow Copy Destruction/Service Kill
No C2 servers have been identified for this family yet.
Research Reports (1)
RansomComponent ae355c32 -- vssadmin Delete Shadows Shadow Copy Destruction, vssadmin resize shadowstorage Backup Prevention, net stop Service Stop, CreateRemoteThread Process Injection | Critical
RansomComponent ae355c32 PE32 x86 100KB. vssadmin Delete Shadows shadow copy destruction. vssadmin resize shadowstorage backup prevention. net stop x5 service stop. CreateRemoteThread injection.