cryptolocker | a8ff366f374462d0dfda4205b58c93f2c98b0fecf7e81de4b12725cd3e938247 | Triage

Sharing

General

Target

a8ff366f374462d0dfda4205b58c93f2c98b0fecf7e81de4b12725cd3e938247
Size

380KB
Sample

221019-1wttxsaddq
MD5

a2481f0e6e6ba5262846a3c9919fc3f0
SHA1

ea7f82eb961fe7846d9d50ac256c005722cbdd93
SHA256

a8ff366f374462d0dfda4205b58c93f2c98b0fecf7e81de4b12725cd3e938247
SHA512

c130d91021a55836a07cce65bb545f86f3a309ff8545646bdf49430eae6d2729f217878fd9bf6e08d40223cf5de97474a054eb3dd274e24fa244721df5ad3603
SSDEEP

6144:dhdo9xPW/afhV3ceWu5e2Rio6AMqXv+/WgTO3x5N22vWvLRKKAX5l++SyVI:Twsafhege+6AMq/+bT85I2vCMX5l+Zn

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  a8ff366f374462d0dfda4205b58c93f2c98b0fecf7e81de4b12725cd3e938247
- Size
  
  380KB
- MD5
  
  a2481f0e6e6ba5262846a3c9919fc3f0
- SHA1
  
  ea7f82eb961fe7846d9d50ac256c005722cbdd93
- SHA256
  
  a8ff366f374462d0dfda4205b58c93f2c98b0fecf7e81de4b12725cd3e938247
- SHA512
  
  c130d91021a55836a07cce65bb545f86f3a309ff8545646bdf49430eae6d2729f217878fd9bf6e08d40223cf5de97474a054eb3dd274e24fa244721df5ad3603
- SSDEEP
  
  6144:dhdo9xPW/afhV3ceWu5e2Rio6AMqXv+/WgTO3x5N22vWvLRKKAX5l++SyVI:Twsafhege+6AMq/+bT85I2vCMX5l+Zn
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptolockerpersistenceransomware

behavioral2

cryptolockerpersistenceransomware