[QuickNote] MountLocker – Some pseudo-code snippets

Refs:
Mount Locker Ransomware Aggressively Changes Up Tactics | Threatpost
MountLocker Ransomware | Chuong Dong
Malware-Analysis-Reports/MountLocker at master · Finch4/Malware-Analysis-Reports · GitHub

Parse RecoveryManual.html content in memory and fill %CLIENT_ID%:

Create registry key for opening RecoveryManual.html:

Create log file if /NOLOG is not set:

Collect victim’s system info:

Result:

If /NOKILL is 0, it enumerates and kills all services and processes:

+ Kill services, if the service name contains any of the strings “SQL”, “database”, […]

Article Link: [QuickNote] MountLocker – Some pseudo-code snippets | 0day in {REA_TEAM}