MOLE Ransomware
Posted: April 13, 2017
Threat Metric
The fields listed on the Threat Meter, each of which carries a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, using an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change in a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 1,223 |
| First Seen: | April 13, 2017 |
| Last Seen: | February 29, 2024 |
| OS(es) Affected: | Windows |
The MOLE Ransomware is a new member of a Trojan family referred to as either CryptoMix or CryptMix Ransomware. Trojans within this group use a currently-unbreakable encryption method to encode and block your files, for which they extort ransom money. Users should avoid the delivery-themed e-mail links used in this Trojan's campaign and keep anti-malware products in place to eliminate the MOLE Ransomware or its installers preventatively.
What's Burrowing into Your File Data Today
Once again, con artists are exploiting e-mail as a favorable means of distributing new file-encrypting Trojans to victims, with the associated messages posing as notifications from the USPS. Instead of attaching the Trojan directly, the e-mails display links leading to fake plugins for the Microsoft Office program. Unprotected users clicking these links expose their browsers to an instance of the RIG Exploit Kit, which installs the MOLE Ransomware. Malware experts also note ties between this EK and other Trojan campaigns, usually with similar, encryption-based payloads.
The MOLE Ransomware is a Windows-specific Trojan that aborts its installation on virtual or sandbox environments, which often are useful for threat analysis. If it does detect a suitable system environment, the MOLE Ransomware launches an install routine that includes a fake 'Color Calibration' pop-up to trick the user into granting it UAC admin privileges. Then, it launches the following attacks:
- The MOLE Ransomware conducts some network communications to provide its threat actor with a customized ID number for the infected PC, in addition to receiving an RSA-1024 encryption key that it saves locally.
- Using an AES-256 algorithm, the MOLE Ransomware encrypts user files on all drives, such as documents, and renames them with a pattern of thirty-two hexadecimal characters and the '.MOLE' extension. This renaming replaces the original filenames entirely.
- The MOLE Ransomware disables essential Windows services and features, including startup recovery, Windows Defender, Windows Update and the Background Intelligent Transfer Service.
- Like most file-encrypting Trojans of the past two years, the MOLE Ransomware also erases your Shadow Copies, which victims could use for recovering their encrypted files from default system backups.
Stopping an Expensive Mix-up of Your Files
The MOLE Ransomware's method of collecting a payoff for its attack is somewhat less sophisticated than the rest of its payload and uses nothing more than a Notepad message it places in every folder that has encrypted content. Victims have the option of contacting the e-mail addresses in the MOLE Ransomware's instructions and paying an unspecified ransom or risking the potential destruction of their files. Malware analysts have yet to find any vulnerabilities in the MOLE Ransomware's encryption method, which makes backups dating from before an infection essential.
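The two on-disk indicators described above (the thirty-two-hex-character '.MOLE' rename and the ransom note dropped into every folder with encrypted content, whose name INSTRUCTION_FOR_HELPING_FILE_RECOVERY.TXT is listed under Technical Details on this page) can be turned into a read-only triage check that sizes up an incident without touching the encrypted data. The following Python script is an added example and is not EnigmaSoft's or SpyHunter's code; the directory layout, the placeholder file contents and the verdict strings are constructed for the demonstration.

```python
# Added example (not EnigmaSoft's code): read-only triage walk for the MOLE
# Ransomware's on-disk indicators.
import os
import re
import tempfile

# Encrypted files are renamed to thirty-two hexadecimal characters plus '.MOLE'.
MOLE_NAME = re.compile(r"^[0-9a-fA-F]{32}\.MOLE$")
# Ransom note dropped into every folder holding encrypted content (name from this page).
RANSOM_NOTE = "INSTRUCTION_FOR_HELPING_FILE_RECOVERY.TXT"


def classify_name(name):
    """Return 'encrypted', 'note' or None for one file name (note match is case-insensitive)."""
    if name.upper() == RANSOM_NOTE:
        return "note"
    if MOLE_NAME.match(name):
        return "encrypted"
    return None


def triage_tree(root):
    """Walk `root` without modifying anything and summarise MOLE indicators."""
    encrypted = 0
    notes = 0
    folders_encrypted = set()
    folders_note = set()
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            kind = classify_name(name)
            if kind == "encrypted":
                encrypted += 1
                folders_encrypted.add(dirpath)
            elif kind == "note":
                notes += 1
                folders_note.add(dirpath)
    # Verdict strings are constructed for this example.
    if encrypted and notes:
        verdict = "suspected MOLE infection"
    elif encrypted or notes:
        verdict = "partial indicators, review manually"
    else:
        verdict = "no MOLE indicators"
    return {
        "encrypted_files": encrypted,
        "ransom_notes": notes,
        # Folders with encrypted files but no note help spot an interrupted run.
        "encrypted_without_note": sorted(folders_encrypted - folders_note),
        "verdict": verdict,
    }


def build_sample_tree():
    """Create a constructed sample tree (placeholder bytes, not real victim data)."""
    root = tempfile.mkdtemp(prefix="mole_triage_demo_")
    docs = os.path.join(root, "Documents")
    pics = os.path.join(root, "Pictures")
    os.makedirs(docs)
    os.makedirs(pics)
    # Two renamed files plus a note in Documents; one renamed file and no note in Pictures.
    layout = (
        (docs, ["0123456789abcdef0123456789abcdef.MOLE",
                "fedcba9876543210fedcba9876543210.MOLE"]),
        (pics, ["00112233445566778899aabbccddeeff.MOLE"]),
    )
    for folder, names in layout:
        for name in names:
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(b"\x00" * 16)  # placeholder ciphertext
    with open(os.path.join(docs, RANSOM_NOTE), "w", encoding="utf-8") as fh:
        fh.write("placeholder ransom note text (constructed)\n")
    with open(os.path.join(root, "untouched.txt"), "w", encoding="utf-8") as fh:
        fh.write("a file the Trojan did not rename\n")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    print(triage_tree(sample_root))
```

Run the script against a copy of the affected volume mounted read-only, or point `triage_tree` at a mounted image rather than the live system; it never opens or writes the matched files, so the evidence stays intact for the backup-restore decision the text recommends.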
Even though some PC users may choose to protect themselves by using virtual environments, this safety measure is often impractical and doesn't stop all file-encrypting threats. Anti-malware programs with high rates of detecting similar Trojans also may delete the MOLE Ransomware or, preferably, block the RIG Exploit Kit's drive-by downloads. Since its install process requires misinformed consent from the user at multiple points, simply being cautious about which prompts and links you click eliminates much of the risk in the MOLE Ransomware's current infection vectors.
Ransom-based Trojans are extremely dependent on mistakes from the people they're attacking. Use that weakness to your advantage and avoid assuming that anything that looks safe can't harm your computer or the files you save on it.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to MOLE Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
%APPDATA%\5E7D36C9.exe
File name: 5E7D36C9.exe
Size: 159.74 KB (159744 bytes)
MD5: 7778d8d6b7b8bfc59a60ad0a3e23e79a
Detection count: 91
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: May 3, 2017
ff993bf1045d316feddcdb9fad538ac954a23903db130487393f9c3ae510aea1.exe
File name: ff993bf1045d316feddcdb9fad538ac954a23903db130487393f9c3ae510aea1.exe
Size: 159.74 KB (159744 bytes)
MD5: a5d1968dd130c55f6d489e8cde0a063d
Detection count: 55
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 3, 2017
f1b94366f2f10ea20353a699e6baa1a9bb1b020542097bb92c523b9976235eb4.exe
File name: f1b94366f2f10ea20353a699e6baa1a9bb1b020542097bb92c523b9976235eb4.exe
Size: 324.45 KB (324450 bytes)
MD5: ae7f92a75196e87aa8db98ff230df0d4
Detection count: 53
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 3, 2017
e517ee3143154a29be42ffbd9199913f74d8849331fcc676e83934de1a1de2ed.exe
File name: e517ee3143154a29be42ffbd9199913f74d8849331fcc676e83934de1a1de2ed.exe
Size: 151.55 KB (151552 bytes)
MD5: 3eee60c87ff1c51f453899d7bd192d6d
Detection count: 52
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 3, 2017
dc46009d1a33ba4ad8272f3e13b226825cdcb70ba4b3d20ae7e054e0a8adbf1d.exe
File name: dc46009d1a33ba4ad8272f3e13b226825cdcb70ba4b3d20ae7e054e0a8adbf1d.exe
Size: 432.95 KB (432952 bytes)
MD5: 3d340df3433c910500c55a6d03e93d78
Detection count: 51
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 3, 2017
d9a9d1d5b1cb47feb6e85c5523f8c20247a11c86bae24dd9d4aadb90791478ca.exe
File name: d9a9d1d5b1cb47feb6e85c5523f8c20247a11c86bae24dd9d4aadb90791478ca.exe
Size: 582.49 KB (582498 bytes)
MD5: 4c4845b5b5f138f797349989644a88ae
Detection count: 50
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 3, 2017
8684d808cf2c7aeab453c95d8269ee3a4492adfcead1c93bef681de29192a1a1.exe
File name: 8684d808cf2c7aeab453c95d8269ee3a4492adfcead1c93bef681de29192a1a1.exe
Size: 77.78 KB (77786 bytes)
MD5: bb3897302c220e6eb62334f7ac83e8a6
Detection count: 46
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 3, 2017
648eb39a5e77af2e2069e196a5709a93e81b29c74dbe2fa4ead4440e0f535e97.exe
File name: 648eb39a5e77af2e2069e196a5709a93e81b29c74dbe2fa4ead4440e0f535e97.exe
Size: 90.11 KB (90112 bytes)
MD5: 48460c1f75469995a67349fe0766f776
Detection count: 44
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 3, 2017
4eb2d565b18d172a3b2b069ebf152dd6a1514e7b444eaffbbaff77f63984705c.exe
File name: 4eb2d565b18d172a3b2b069ebf152dd6a1514e7b444eaffbbaff77f63984705c.exe
Size: 159.74 KB (159744 bytes)
MD5: 254abe18b689493a08c4fe12dd61c366
Detection count: 42
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 3, 2017
3ed7a05172c1bc52acec83f2ac17d1ad01e26d99e544804730f044c1042ce474.exe
File name: 3ed7a05172c1bc52acec83f2ac17d1ad01e26d99e544804730f044c1042ce474.exe
Size: 232.29 KB (232290 bytes)
MD5: bc93bc9bf363e9c3b32dd484c61571ff
Detection count: 41
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 3, 2017
3b5b19ebe8d8b6c7e5b2ffd2cc194fad1ae6c9eade7646f48c595bd154f4b1e1.exe
File name: 3b5b19ebe8d8b6c7e5b2ffd2cc194fad1ae6c9eade7646f48c595bd154f4b1e1.exe
Size: 85.5 KB (85504 bytes)
MD5: 132a4f45cd74a8dd906f0af3e582d0a9
Detection count: 40
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 1, 2020
C:\Users\<username>\AppData\Local\Temp\KB46174018.exe
File name: KB46174018.exe
Size: 395.61 KB (395618 bytes)
MD5: d792da3b072e880333cc09c5764dd811
Detection count: 37
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\Temp\KB46174018.exe
Group: Malware file
Last Updated: January 6, 2022
14ec5d0f0cd02f1bca96214562b51097f1d7526b665dba8cb57d584a53a038fc.exe
File name: 14ec5d0f0cd02f1bca96214562b51097f1d7526b665dba8cb57d584a53a038fc.exe
Size: 578.09 KB (578092 bytes)
MD5: 7437157e10b9c1a231fa751fc8d31e66
Detection count: 36
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 3, 2017
%SystemDrive%\system16\svwinsi32.exe
File name: svwinsi32.exe
Size: 887.29 KB (887296 bytes)
MD5: a09251f74b1aae681c822b4ae12739ae
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\system16
Group: Malware file
Last Updated: August 3, 2017
%APPDATA%\system16\svwinse.exe
File name: svwinse.exe
Size: 401.4 KB (401408 bytes)
MD5: 1cddf8fc941e4dfa6715a835abc13385
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\system16
Group: Malware file
Last Updated: June 27, 2017
Registry Modifications
File name without path: INSTRUCTION_FOR_HELPING_FILE_RECOVERY.TXT