cryptolocker | bb12757c6a14207d8a9cd4d42ff93747795f8a09186752b1c94b5b373abbaf11 | Triage

Sharing

General

Target

bb12757c6a14207d8a9cd4d42ff93747795f8a09186752b1c94b5b373abbaf11
Size

726KB
Sample

221204-ad5klahd96
MD5

9cbb128e8211a7cd00729c159815cb1c
SHA1

870a3d5d18501795e242c4579419f65e17ac8dbf
SHA256

bb12757c6a14207d8a9cd4d42ff93747795f8a09186752b1c94b5b373abbaf11
SHA512

b72eb446430e499954bfe2dd14b9504e3a9af18e983215718d40a8f9b388acd53f9911cf3d10de78a55b753c562fe2e41636f67d6139bec0c52333c4d66a6ae4
SSDEEP

12288:ovF1OoLe51k4HXM0DkkaG60OiM4jS0VsjS7me+DPvpmPafhIMvW6xAjCBBN:ovXOoLePpHXUke0OiRz77mdPvpmSJzv7

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  bb12757c6a14207d8a9cd4d42ff93747795f8a09186752b1c94b5b373abbaf11
- Size
  
  726KB
- MD5
  
  9cbb128e8211a7cd00729c159815cb1c
- SHA1
  
  870a3d5d18501795e242c4579419f65e17ac8dbf
- SHA256
  
  bb12757c6a14207d8a9cd4d42ff93747795f8a09186752b1c94b5b373abbaf11
- SHA512
  
  b72eb446430e499954bfe2dd14b9504e3a9af18e983215718d40a8f9b388acd53f9911cf3d10de78a55b753c562fe2e41636f67d6139bec0c52333c4d66a6ae4
- SSDEEP
  
  12288:ovF1OoLe51k4HXM0DkkaG60OiM4jS0VsjS7me+DPvpmPafhIMvW6xAjCBBN:ovXOoLePpHXUke0OiRz77mdPvpmSJzv7
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptolockerpersistenceransomware

behavioral2