cryptolocker | b4c05e0e065058ae79d3ce9d51a470946aae036d2b163f85adcef10a6343246a | Triage

Sharing

General

Target

b4c05e0e065058ae79d3ce9d51a470946aae036d2b163f85adcef10a6343246a
Size

744KB
Sample

221026-2d1eeshee2
MD5

7f3cc059ffc6c11fe42695e5f19553ab
SHA1

f22555d2898e3486b2c628a2e523657f5fbbe475
SHA256

b4c05e0e065058ae79d3ce9d51a470946aae036d2b163f85adcef10a6343246a
SHA512

441654be8d2f49ae98d60c9a71f903d5bc861fa3c61806f78c93ed04cce1c9e1efa75961813c11119b1e1db8b181aa237e4ae0cb24fa8a9f1a7d2590229c98fc
SSDEEP

12288:qq/OIg++nlSl1ljxOzAqzmkZh9Twx2p9SoBUkAKL9Aus+8:qq/OIYlSl/jTqzmMhwW9KgL+

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  b4c05e0e065058ae79d3ce9d51a470946aae036d2b163f85adcef10a6343246a
- Size
  
  744KB
- MD5
  
  7f3cc059ffc6c11fe42695e5f19553ab
- SHA1
  
  f22555d2898e3486b2c628a2e523657f5fbbe475
- SHA256
  
  b4c05e0e065058ae79d3ce9d51a470946aae036d2b163f85adcef10a6343246a
- SHA512
  
  441654be8d2f49ae98d60c9a71f903d5bc861fa3c61806f78c93ed04cce1c9e1efa75961813c11119b1e1db8b181aa237e4ae0cb24fa8a9f1a7d2590229c98fc
- SSDEEP
  
  12288:qq/OIg++nlSl1ljxOzAqzmkZh9Twx2p9SoBUkAKL9Aus+8:qq/OIYlSl/jTqzmMhwW9KgL+
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptolockerpersistenceransomware

behavioral2