- Distribution Method : Download the file via a link included in the email message
- MD5 : 31c2e85ef5e4c0009e1f18794527b4ca
- Major Detection Name : Ransom:MSIL/CryptoMole.A (Microsoft), Ransom.Troldesh (Norton)
- Encrypted File Pattern : <Random>.MOLE
- Malicious File Creation Location : C:\Users\%UserName%\AppData\Roaming\<Random>.exe
- Payment Instruction File : INSTRUCTION_FOR_HELPING_FILE_RECOVERY.TXT
- Major Characteristics : Offline Encryption, CryptFile2 / CryptoMix / CryptoShield / Revenge / Zeta Ransomware Family, shuts down the VSS service and the Windows Security Center service.