Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Mole Ransomware (<Random Filename>.MOLE / _HELP_INSTRUCTION.TXT)

  • Distribution Method : Automatic infection using exploit by visiting website
 
  • MD5 : 25e76337af392a57428df900555d978d
 
  • Major Detection Name : Trojan.Ransom.Mole (ALYac), Trojan-Ransom.Win32.Fury.hm (Kaspersky)
 
  • Encrypted File Pattern : <Random Filename>.MOLE
 
  • Malicious File Creation Location :
         - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_HELP_INSTRUCTION.TXT
         - C:\Users\%UserName%\AppData\Roaming\<Random>.exe
 
  • Payment Instruction File : _HELP_INSTRUCTION.TXT
 
  • Major Characteristics :
         - Offline Encryption
         - CryptFile2 / CryptoMix / CryptoShield / Revenge / Zeta Ransomware series
         - Create a fake "Display Color Calibration" message

List

위로