WORM_BIFROSE.WIL
Windows
Threat Type: Ransomware
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
TECHNICAL DETAILS
Arrival Details
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This Ransomware drops the following component file(s):
- %System Root%\Setup\csetup.tmp
(Note: %System Root% is the Windows root folder, where it usually is C:\ on all Windows operating system versions.)
It drops the following copies of itself into the affected system:
- %System Root%\Setup\CacheMgr.exe
(Note: %System Root% is the Windows root folder, where it usually is C:\ on all Windows operating system versions.)
Autostart Technique
This Ransomware modifies the following registry entries to ensure it automatic execution at every system startup:
HKCU\Software\Microsoft\
Windows\CurrentVersion\Run
StubPath = %System Root%\Setup\CacheMgr.exe
Other Details
This Ransomware connects to the following possibly malicious URL:
- http://{BLOCKED}secure.net/ABIUSP/setup.exe