cryptolocker | f2181881d6ab133323dba5fecbf0cc4236f794ed1261406712b13307e98b90a1 | Triage

Sharing

General

Target

f2181881d6ab133323dba5fecbf0cc4236f794ed1261406712b13307e98b90a1
Size

778KB
Sample

221204-th57gadf87
MD5

374f74def24ea6afad4e5f4b15dcd263
SHA1

2c8d39345f5fdf44e8ef5e5175a53dace47103bc
SHA256

f2181881d6ab133323dba5fecbf0cc4236f794ed1261406712b13307e98b90a1
SHA512

c85de578c5904774771b9b6996679ad4c8f6bffd44666f95c5db3cb6ab6403e4949109a939dfdfc3512fd646ca7f77d976116601856a014cc40bba0cb08bf6a1
SSDEEP

12288:TgrGvwCz09gu/di1wRgK94/LP5Ib8sfY2Qgtl2cCch0Nl+NF+n4yUEnYPcoPL3dz:p109hdi1wR59RIsLvz2cCcsl+NqHyz

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  f2181881d6ab133323dba5fecbf0cc4236f794ed1261406712b13307e98b90a1
- Size
  
  778KB
- MD5
  
  374f74def24ea6afad4e5f4b15dcd263
- SHA1
  
  2c8d39345f5fdf44e8ef5e5175a53dace47103bc
- SHA256
  
  f2181881d6ab133323dba5fecbf0cc4236f794ed1261406712b13307e98b90a1
- SHA512
  
  c85de578c5904774771b9b6996679ad4c8f6bffd44666f95c5db3cb6ab6403e4949109a939dfdfc3512fd646ca7f77d976116601856a014cc40bba0cb08bf6a1
- SSDEEP
  
  12288:TgrGvwCz09gu/di1wRgK94/LP5Ib8sfY2Qgtl2cCch0Nl+NF+n4yUEnYPcoPL3dz:p109hdi1wR59RIsLvz2cCcsl+NqHyz
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptolockerpersistenceransomware

behavioral2