cryptolocker | 651f451aaf9a9694884322d91a225294af145006219c346d1a9b50a2d92db6d9 | Triage

Sharing

General

Target

651f451aaf9a9694884322d91a225294af145006219c346d1a9b50a2d92db6d9
Size

363KB
Sample

221206-y1k2gaab79
MD5

7ea2c970326af64b1b196c4dd12e61dc
SHA1

a3dbdf84d229d3ff549855cf7adc34e75d01efd3
SHA256

651f451aaf9a9694884322d91a225294af145006219c346d1a9b50a2d92db6d9
SHA512

1128583ed88f9a44b98c8ab6bbb55a75645e89242dae941dae69c659ba66e40bced6364cb4e05eae5a99be10d2742ed34ec714c314332150ede2fc8c62f6dcd1
SSDEEP

6144:s7I4W+7S5WSSYmPnjpv1WgTO3x5N22vWvLRKKAX5l++SyVI:cBS5VSHFdT85I2vCMX5l+Zn

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  651f451aaf9a9694884322d91a225294af145006219c346d1a9b50a2d92db6d9
- Size
  
  363KB
- MD5
  
  7ea2c970326af64b1b196c4dd12e61dc
- SHA1
  
  a3dbdf84d229d3ff549855cf7adc34e75d01efd3
- SHA256
  
  651f451aaf9a9694884322d91a225294af145006219c346d1a9b50a2d92db6d9
- SHA512
  
  1128583ed88f9a44b98c8ab6bbb55a75645e89242dae941dae69c659ba66e40bced6364cb4e05eae5a99be10d2742ed34ec714c314332150ede2fc8c62f6dcd1
- SSDEEP
  
  6144:s7I4W+7S5WSSYmPnjpv1WgTO3x5N22vWvLRKKAX5l++SyVI:cBS5VSHFdT85I2vCMX5l+Zn
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptolockerpersistenceransomware

behavioral2

cryptolockerpersistenceransomware