Overview

overview

8

Static

static

cryptor.exe

windows7-x64

8

cryptor.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cryptor.bin

  • Size

    226KB

  • Sample

    221129-wxthbsdc53

  • MD5

    3eff7826b6eea73b0206f11d08073a68

  • SHA1

    578b1b0f46491b9d39d21f2103cb437bc2d71cac

  • SHA256

    7f6421cdf6355edfdcbddadd26bcdfbf984def301df3c6c03d71af8e30bb781f

  • SHA512

    65475eae1ae0e654dd691e63aeddf1c52d531fec7efb1d87edcdcff041a509a84ef7f5a2d0ee896c7150ece9f74330db717bb31eb8728f5bf64c93a04d1bbc3f

  • SSDEEP

    3072:+YiGnOXzCukJfvJxr2uvUYGQ2kzwlql7PBECBwvPW2GZF5A4s+bWo:JnOjPMjNzzwkBiCuGPWo

Score
8/10
ransomwarespywarestealer

Malware Config

Targets

    • Target

      cryptor.bin

    • Size

      226KB

    • MD5

      3eff7826b6eea73b0206f11d08073a68

    • SHA1

      578b1b0f46491b9d39d21f2103cb437bc2d71cac

    • SHA256

      7f6421cdf6355edfdcbddadd26bcdfbf984def301df3c6c03d71af8e30bb781f

    • SHA512

      65475eae1ae0e654dd691e63aeddf1c52d531fec7efb1d87edcdcff041a509a84ef7f5a2d0ee896c7150ece9f74330db717bb31eb8728f5bf64c93a04d1bbc3f

    • SSDEEP

      3072:+YiGnOXzCukJfvJxr2uvUYGQ2kzwlql7PBECBwvPW2GZF5A4s+bWo:JnOjPMjNzzwkBiCuGPWo

    Score
    8/10
    ransomwarespywarestealer

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks