The malware establishes persistence by creating the following registry key on the victim's machine:

It will enumerate through the system drives to encrypt the files using double encryption. First, it encrypts the files with AES encryption using a randomly generated 32-bit key. Then, those encrypted files will again be encrypted with the RC4 algorithm with a randomly generated 256-bit key.

Figure 5: Searching drives for file encryption
The attack usually starts with spam emails in which users are tricked with legitimate-looking templates into downloading next-stage payloads.