Turkish Ransomware (.TRSomware / @Lütfen_Beni_Oku!@.txt / Version English) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : f85f3aa90e19ca3dadca5c69a5ba0009

Major Detection Name : Trojan.Ransom.Filecoder (ALYac), Ransom.KesLan (Malwarebytes)

Encrypted File Pattern : .TRSomware

Malicious File Creation Location :
- C:\Users\%UserName%\AppData\Local\Temp\<Random>.tmp\<Random>.tmp\<Random>.vbs
- C:\Users\%UserName%\AppData\Local\Temp\tmp<Random>.vbs
- C:\Users\%UserName%\AppData\Local\TempASD456.exe
- C:\Users\%UserName%\Desktop\@MMDecrypt0r@.exe
- C:\Users\%UserName%\Desktop\Hura Theme.dll
- C:\Users\%UserName%\Desktop\Teen.dll

Payment Instruction File : @Lütfen_Beni_Oku!@.txt / @Please_Read_Me@.txt / @Wallpaper@.png

Major Characteristics :
- The English and Turkish users are targeted.
- Changes desktop background (C:\Users\%UserName%\AppData\Local\Temp\wallpaper.bmp)