cryptolocker | 0dd7f3dffe8c6e69df6137cb413ad25c474d73a86f1d46d52846990aa66e6f43 | Triage

Sharing

General

Target

0dd7f3dffe8c6e69df6137cb413ad25c474d73a86f1d46d52846990aa66e6f43
Size

343KB
Sample

220529-tj5x4afbb3
MD5

012d9088558072bc3103ab5da39ddd54
SHA1

a6eee7369eb008fe48789ad4e8d2d8dcba4f23d9
SHA256

0dd7f3dffe8c6e69df6137cb413ad25c474d73a86f1d46d52846990aa66e6f43
SHA512

ecd1258b11d5f66c25f2ab26430c23b9b6d9e04777962ea11e275f64a86a9dcd1400a665d022a8924b727ac3298c8569f49f268a619b21818fb980d1e0a38418

Score

10^/10

cryptolocker persistence ransomware suricata

Malware Config

Targets

- Target
  
  0dd7f3dffe8c6e69df6137cb413ad25c474d73a86f1d46d52846990aa66e6f43
- Size
  
  343KB
- MD5
  
  012d9088558072bc3103ab5da39ddd54
- SHA1
  
  a6eee7369eb008fe48789ad4e8d2d8dcba4f23d9
- SHA256
  
  0dd7f3dffe8c6e69df6137cb413ad25c474d73a86f1d46d52846990aa66e6f43
- SHA512
  
  ecd1258b11d5f66c25f2ab26430c23b9b6d9e04777962ea11e275f64a86a9dcd1400a665d022a8924b727ac3298c8569f49f268a619b21818fb980d1e0a38418
Score

10^/10

cryptolocker persistence ransomware suricata
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- suricata: ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses
  suricata: ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses
  suricata
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptolockerpersistenceransomwaresuricata

behavioral2

cryptolockerpersistenceransomwaresuricata