- Distribution Method : Unknown
- MD5 : f1a349d50238a8b141a9d75de2354354
- Major Detection Name : Ransom:Win32/FileCryptor (Microsoft), Ransom_CRPTX.A (Trend Micro)
- Encrypted File Pattern : .crptxxx
- Malicious File Creation Location :
- C:\Users\%UserName%\AppData\Roaming\mtrea.exe (file encryption)
- C:\Users\%UserName%\AppData\Roaming\binar\zip\binz.exe
- C:\Users\%UserName%\AppData\Roaming\binar\zip\tor.exe
- C:\Users\%UserName%\AppData\Roaming\binar\zip\tr2web.exe
- C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\decrypt.txt
- Payment Instruction File : decrypt.txt / HOW_TO_FIX_!.txt
- Major Characteristics : BTCWare ransomware family; operates by creating and executing Tor components (tr2web.exe → tor.exe) for C&C server communication