cryptolocker | 9ec4697891cc6c9add803044a29bdd9d05701509b9eddc370d4caf00c15ef734 | Triage

Sharing

General

Target

9ec4697891cc6c9add803044a29bdd9d05701509b9eddc370d4caf00c15ef734
Size

355KB
Sample

221206-ypme6ahc36
MD5

de400607d06b41a6f8b0935c3607541d
SHA1

f9924a0eb4e715f2c5e370235d39f295b6f95aa8
SHA256

9ec4697891cc6c9add803044a29bdd9d05701509b9eddc370d4caf00c15ef734
SHA512

4c7949096a20017489635d5440ab46513ccf12fe9cb57a1a0b0fd609db9ccf624bf1623d254c2adba8c510f4fcda1dc6b521a6b66860f7904cc8baac45f8018e
SSDEEP

6144:MzsQe4NQnn7swHWLJwpFHBqZ4IBbe5RJ7GgcbjYkuyfRVnL:MzReciWLMFh4DYRJ7EYklpp

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  9ec4697891cc6c9add803044a29bdd9d05701509b9eddc370d4caf00c15ef734
- Size
  
  355KB
- MD5
  
  de400607d06b41a6f8b0935c3607541d
- SHA1
  
  f9924a0eb4e715f2c5e370235d39f295b6f95aa8
- SHA256
  
  9ec4697891cc6c9add803044a29bdd9d05701509b9eddc370d4caf00c15ef734
- SHA512
  
  4c7949096a20017489635d5440ab46513ccf12fe9cb57a1a0b0fd609db9ccf624bf1623d254c2adba8c510f4fcda1dc6b521a6b66860f7904cc8baac45f8018e
- SSDEEP
  
  6144:MzsQe4NQnn7swHWLJwpFHBqZ4IBbe5RJ7GgcbjYkuyfRVnL:MzReciWLMFh4DYRJ7EYklpp
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptolockerpersistenceransomware

behavioral2

cryptolockerpersistenceransomware