Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

CrazyCrypt v2.1 Ransomware (.id.<Random>.[decryptcrazy@gmail.com].crazy)

  • Distribution Method : Unknown
 
  • MD5 : 56f67d720e83f2cff38f2ea1d9c8f9ff
 
  • Major Detection Name : Ransom.CrazyCrypt (Malwarebytes), Ransom.Win32.CRAZYCRYPT.THBBHAI (Trend Micro)
 
  • Encrypted File Pattern : .id.<Random>.[decryptcrazy@gmail.com].crazy
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Local\Temp\<%UserName%>.exe
     - C:\Users\%UserName%\Desktop\<%UserName%>.exe
     - C:\Users\%UserName%\Documents\<%UserName%>.exe
     - C:\Users\%UserName%\Downloads\<%UserName%>.exe
     - <Drive Letter>:\<%UserName%>.exe
 
  • Payment Instruction File : FILES ENCRYPTED.txt
 
  • Major Characteristics :
     - Offline Encryption
     - Hidden-Tear open source based ransomware
     - Stupid Ransomware series
     - Disable and Blocks Registry Editor (regedit.exe), Command Prompt (cmd.exe), System Configuration (msconfig.exe) and Task Manager (Taskmgr.exe)
     - Turns off User Access Control (UAC)

List

위로