- Distribution Method : Mail attachment (.vbs)
- MD5 : c99e32fb49a2671a6136535c6537c4d7
- Major Detection Name : Win32.Trojan-Ransom.GlobeImposter.T55VWB (GData), Trojan-Ransom.Win32.Purgen.acd (Kaspersky)
- Encrypted File Pattern : ..doc
- Malicious File Creation Location :
- C:\Users\%UserName%\AppData\Local\Temp\<Random>.exe
- C:\Users\%UserName%\AppData\Roaming\<Random>.exe
- Payment Instruction File : Read___ME.html
- Major Characteristics :
- Offline Encryption
- Fake Globe / PSCrypt Ransomware series
- Disable system restore (vssadmin.exe Delete Shadows /All /Quiet)
List