Trojan.Win32.Defray.A
TSL ID TSL20170911-01
Severity Moderate
Description

Trojan.Win32.Defray.A is a ransomware Trojan that targets the Windows platform. The malware has reportedly been used in targeted attacks. It encrypts files with specific extensions on the infected system, leaves a ransom note on the infected machine with instructions for getting the files decrypted, and contacts a remote server to report the infection.

Affected Products
  • Microsoft Windows All Versions
File Hashes
MD5:
  • D13F890034A68CCB4AF4E0BF51E2B5EC
SHA1:
  • 84AFDE24C913C007B0C0490041B61877AA254737
Identifiers
Kaspersky
  • TROJAN-RANSOM.WIN32.AGENT.JAB
Microsoft Malware Protection Center
Sophos
  • TROJ/RANSOM-EQK
Symantec
  • RANSOM.DEFRAY
TrendMicro
AegisLab
  • ML.ATTRIBUTE.GEN!C
AhnLab-V3
  • TROJAN/WIN32.RANSOM.C2104118
ALYac
  • TROJAN.RANSOM.DEFRAY
Antiy-AVL
  • TROJAN/WIN32.BTSGENERIC
Arcabit
  • TROJAN.GENERIC.DBA1F92
Baidu
  • WIN32.TROJAN.WISDOMEYES.16070401.9500.9897
BitDefender
  • TROJAN.GENERICKD.12197778
CAT-QuickHeal
  • RANSOM.DEFRAY.S1395294
ClamAV
  • WIN.RANSOMWARE.DEFRAY-6336140-2
Cyren
  • W32/TROJAN.NBFU-4151
DrWeb
  • TROJAN.ENCODER.13975
ESET-NOD32
  • WIN32/FILECODER.NNJ
Fortinet
  • W32/RANSOM.EQK!TR
Ikarus
  • TROJAN-RANSOM.DEFRAY
Jiangmin
  • TROJAN.DESHACOP.XS
NANO-Antivirus
  • TROJAN.WIN32.GENERICKD.ESGDJW
Rising
  • RANSOM.GENASOM!8.293
Tencent
  • WIN32.TROJAN.INJECT.AUTO
ViRobot
  • TROJAN.WIN32.DEFRAY.744960
Webroot
  • W32.TROJAN.GENKD
Yandex
  • TROJAN.AGENT!FV57PL6V3BW
Zillya
  • TROJAN.DESHACOP.WIN32.879
References
  • https://www.proofpoint.com/us/threat-insight/post/defray-new-ransomware-targeting-education-and-healthcare-verticals
  • https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/defray-ransomware-sets-sights-on-healthcare-and-other-industries