Bird_banner_small4
Trojan.MSIL.Karmen.A
TSL ID TSL20170418-01
Severity Moderate
Description

Trojan.MSIL.Karmen.A is a ransomware Trojan that targets the Windows platform. This malware sends out infected user identifier and the encryption key to its control server. The encryption key is a randomly generated password. It encrypts files with specific extension on the system and demands the infected user to pay a ransom in order to get the files decrypted.

Affected Products
  • Microsoft Windows All Versions
File Hashes
MD5:
  • 05427ED1C477CC01910EB9ADBF35068D
SHA1:
  • 4FCE6A20B08CA7861BF8E0A3B40182A17A87514C
Identifiers
Kaspersky
  • TROJAN-RANSOM.WIN32.CRYPMODADV.XGL
Microsoft Malware Protection Center
Sophos
  • MAL/CRYPTEAR-A
TrendMicro
Arcabit
  • TROJAN.GENERIC.D465CF8
AVG
  • RANSOMER.NFF
Avira
  • TR/DOWNLOADER.YWMEX
BitDefender
  • TROJAN.GENERICKD.4611320
Bkav
  • W32.CLODB91.TROJAN.4863
Cyren
  • W32/RANSOM.EZWC-8671
DrWeb
  • TROJAN.ENCODER.10493
ESET
  • MSIL/FILECODER.AK
Fortinet
  • MSIL/FILECODER.AK!TR
GData
  • MSIL.TROJAN-RANSOM.CRYPTEAR.R
Malwarebytes
  • RANSOM.KARMEN
NANO
  • TROJAN.WIN32.CRYPMODADV.EMLZTB
Rising
  • RANSOM.FILECRYPTOR!8.1A7
Tencent
  • WIN32.TROJAN.CRYPMODADV.DKS
ViRobot
  • TROJAN.WIN32.Z.FILECODER.12800.B
Yandex
  • TROJAN.CRYPMODADV!
Zillya
  • TROJAN.FILECODER.WIN32.3331
References https://www.bleepingcomputer.com/news/security/new-karmen-ransomware-as-a-service-advertised-on-hacking-forums/
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/RANSOM_HIDDENTEARKARMEN.A
Related Threats