Cryakl Ransomware (email-gruzinrussian@aol.com.ver-CL 1.2.0.0.id-<Random>-<Month>@<Day>@<Year> <Hour>@<Minute>@<Second> <AM/PM><Random>.randomname-<Random>.<Random>.cbf)
2018. 08. 27.
					 
					
Distribution Method : Unknown

MD5 : c9f325294c1eb546df01acba568985ca

Major Detection Name : ransom.win32.criakl.d (Sophos), Trojan.Encoder.567 (Dr.Web)

Encrypted File Pattern : email-gruzinrussian@aol.com.ver-CL 1.2.0.0.id-<Random>-<Month>@<Day>@<Year> <Hour>@<Minute>@<Second> <AM/PM><Random>.randomname-<Random>.<Random>.cbf

Malicious File Creation Location :
 - C:\Program Files (x86)\gruz5.exe
 - C:\Program Files (x86)\Company
 - C:\Program Files (x86)\Company\Gruz
 - C:\Program Files (x86)\Company\Gruz\gruz5.exe
 - C:\Program Files (x86)\Company\Gruz\letter.pdf
 - C:\Program Files (x86)\Company\Gruz\Uninstall.exe
 - C:\Program Files (x86)\Company\Gruz\Uninstall.ini
 - C:\Users\%UserName%\AppData\Local\Temp\gruz5.exe

Major Characteristics :
 - Offline encryption
 - Targets Russian users
 - Installs itself disguised as the program "Gruz 1.00", then encrypts files
 - Disguises its execution by running a PDF document (letter.pdf)
 - Changes the desktop background (C:\Users\%UserName%\AppData\Local\Temp\desk.bmp)