- Distribution Method : Unknown
- MD5 : a08784f5691a0a8ce6249e1981dea82c
- Major Detection Name : Ransom:Win32/Tescrypt.A (Microsoft), Ransom_CRYPALPHA.C (Trend Micro)
- Encrypted File Pattern : .ezz
- Malicious File Creation Location :
  - C:\Users\%UserName%\AppData\Roaming\key.dat
  - C:\Users\%UserName%\AppData\Roaming\<Random>.exe
  - C:\Users\%UserName%\AppData\Roaming\log.html
  - C:\Users\%UserName%\Desktop\Save_Files.lnk
  - C:\Users\%UserName%\Documents\RECOVERY_FILE.TXT
- Payment Instruction File : HELP_TO_SAVE_FILES.txt
- Major Characteristics :
  - Offline Encryption
  - Delete VSS service
  - Changes desktop background (C:\Users\%UserName%\Desktop\HELP_TO_SAVE_FILES.bmp)