cryptolocker | b3530b7519660996d28eb31a8d5b585ec60601843c77dd9f2b712812c99843e4 | Triage

Sharing

General

Target

b3530b7519660996d28eb31a8d5b585ec60601843c77dd9f2b712812c99843e4
Size

732KB
Sample

221206-vbmbfshf71
MD5

a8e0d4771c1f71709ddb63d9a75dc895
SHA1

347b21e94912e99fb312153948d1f2758454e136
SHA256

b3530b7519660996d28eb31a8d5b585ec60601843c77dd9f2b712812c99843e4
SHA512

00eb0353b5568995dd359df63c166025f788a70d4616312c609bbad410faaca490fc84ea4379c3a3f2eaf50cabd97987e87d266f6a9c63786113ed44ed0dabf3
SSDEEP

12288:YOpgKjXa7yw83/HhJ0I1Rn7r0EQvqFg9iBUVC3noXA:YOpgKjqL83/IgYEQiFkMmEoX

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  b3530b7519660996d28eb31a8d5b585ec60601843c77dd9f2b712812c99843e4
- Size
  
  732KB
- MD5
  
  a8e0d4771c1f71709ddb63d9a75dc895
- SHA1
  
  347b21e94912e99fb312153948d1f2758454e136
- SHA256
  
  b3530b7519660996d28eb31a8d5b585ec60601843c77dd9f2b712812c99843e4
- SHA512
  
  00eb0353b5568995dd359df63c166025f788a70d4616312c609bbad410faaca490fc84ea4379c3a3f2eaf50cabd97987e87d266f6a9c63786113ed44ed0dabf3
- SSDEEP
  
  12288:YOpgKjXa7yw83/HhJ0I1Rn7r0EQvqFg9iBUVC3noXA:YOpgKjqL83/IgYEQiFkMmEoX
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptolockerpersistenceransomware

behavioral2