RansomComponent

Small (100KB) PE32 ransomware component. vssadmin Delete Shadows /all /quiet (shadow copy destruction). vssadmin resize shadowstorage (backup prevention). net stop x5 (service kill). taskkill /IM msaess.exe (McAfee Agent). CreateRemoteThread injection.

Threat Profile
Type: Ransomware
Programming Language: C/C++
C2 Protocol: Local
First Seen: 2024
Targets: Global
Purpose / Capabilities
  • Shadow Copy Destruction/Service Kill
No C2 servers have been identified for this family yet.

Research Reports (1)

Critical

RansomComponent ae355c32 -- vssadmin Delete Shadows Shadow Copy Destruction, vssadmin resize shadowstorage Backup Prevention, net stop Service Stop, CreateRemoteThread Process Injection | Critical

RansomComponent ae355c32 PE32 x86 100KB. vssadmin Delete Shadows shadow copy destruction. vssadmin resize shadowstorage backup prevention. net stop x5 service stop. CreateRemoteThread injection.
