- Distribution Method : Unknown
- MD5 : 1ccde80616dcf0c0f00603ec35a1d564
- Major Detection Name : a variant of MSIL/Filecoder.QU (ESET), RDN/Ransom (McAfee)
- Encrypted File Pattern : .[fileslocker@pm.me]
- Payment Instruction File : #解密我的文件#.TXT / #DECRYPT MY FILES#.TXT / #РАСШИФРОВЫВАТЬ МОИ ФАЙЛЫ#.TXT
- Major Characteristics :
  - Offline encryption
  - Targets Chinese, English and Russian users
  - Disables system restore (vssadmin.exe delete shadows /all /quiet)
  - Plays the encryption guide using the Text-to-Speech (TTS) function
  - Changes the desktop background (C:\Users\%UserName%\Desktop\WallPaper.bmp)