cryptolocker | 19013092dd66f787e2f8b3236f835ed4dba319e909ebdccdc6454aeac6530005 | Triage

Sharing

General

Target

Trojan-Ransom.Win32.Blocker.dyze-19013092dd66f787e2f8b3236f835ed4dba319e909ebdccdc6454aeac6530005
Size

870KB
Sample

221106-xdpwgafgd4
MD5

e93af50428fcc74af931bfed7a1dc1b2
SHA1

9d49afd20fdd7b02944c149c86e5d94038d2311f
SHA256

19013092dd66f787e2f8b3236f835ed4dba319e909ebdccdc6454aeac6530005
SHA512

2f1a273123d09c94d778830d7498813df37eb33c7adf82abd0831e9658f0eae5ec3ea8945035295074b9eb4e94f446be05f16a5ace9a62a8fee281f421e01981
SSDEEP

12288:DoqwmCU3rRTTClQzzBnBwbwZ04htC5hDHsrY+oC9Q7ICnqDNs7Q+sSG61OMk+xID:klQN/TBBw0Z0KE5hDHeH3wqa7Q+O0

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  Trojan-Ransom.Win32.Blocker.dyze-19013092dd66f787e2f8b3236f835ed4dba319e909ebdccdc6454aeac6530005
- Size
  
  870KB
- MD5
  
  e93af50428fcc74af931bfed7a1dc1b2
- SHA1
  
  9d49afd20fdd7b02944c149c86e5d94038d2311f
- SHA256
  
  19013092dd66f787e2f8b3236f835ed4dba319e909ebdccdc6454aeac6530005
- SHA512
  
  2f1a273123d09c94d778830d7498813df37eb33c7adf82abd0831e9658f0eae5ec3ea8945035295074b9eb4e94f446be05f16a5ace9a62a8fee281f421e01981
- SSDEEP
  
  12288:DoqwmCU3rRTTClQzzBnBwbwZ04htC5hDHsrY+oC9Q7ICnqDNs7Q+sSG61OMk+xID:klQN/TBBw0Z0KE5hDHeH3wqa7Q+O0
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptolockerpersistenceransomware

behavioral2

cryptolockerpersistenceransomware