AXLocker, Octocrypt, And Alice: New Wave Of Ransomware
malware
ransomware
New ransomware groups are evolving and expanding the scope of their operations for financial gain.
Figure 1 – Static file details of AXLocker ransomware

Upon execution, the ransomware hides itself by modifying the file attributes and calls the startencryption() function to encrypt files.

Figure 6 – Encrypted file by AXLocker ransomware

Figure 6 shows the encrypted file of the ransomware after the successful infection on the victim’s machine. After encrypting the victim’s files, the ransomware collects sensitive information such as the computer name, username, machine IP address, system UUID, and Discord tokens, and sends it to the threat actor (TA).
Source read time: 7 min - cloudsecurityalliance.org