2f1aaf153e400de697cdd81e46b8436ff28adfc24ffff27a86e1c43e4034538f | Triage

Submit
Reports

Overview

overview

8

Static

static

1

cryptolock...in.exe

windows7-x64

8

cryptolock...in.exe

windows10-2004-x64

8

Sharing

General

Target

cryptolocker-ransomware-4-16-5-es-en-br-fr-de-it-ru-cz-dk-fi-no-win.com
Size

705KB
Sample

230331-ykke1ach92
MD5

b7c783df79f96d074affa41b888be8c5
SHA1

04f58ffad70797494d0cbacb5607afb2a50e67ff
SHA256

2f1aaf153e400de697cdd81e46b8436ff28adfc24ffff27a86e1c43e4034538f
SHA512

ae9c52f483a3dfc58c7b9ccf5c8c172ef307aebbba4bf855c9f132f3e2fffa5823d3ab868ea1b68d734ece447cd8ac51a8ca5b5f17efe1bcef7da86e7dce54ca
SSDEEP

12288:YF2crHSuZfzDN8Bh6jW+VqnoURMpJwGcjnCwMi0:e2ceUBiQi+AoUmp6vXMi0

Score

8^/10

persistence

Static task

static1

Behavioral task

behavioral1

Sample

cryptolocker-ransomware-4-16-5-es-en-br-fr-de-it-ru-cz-dk-fi-no-win.exe

Resource

win7-20230220-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

cryptolocker-ransomware-4-16-5-es-en-br-fr-de-it-ru-cz-dk-fi-no-win.exe

Resource

win10v2004-20230221-en

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  cryptolocker-ransomware-4-16-5-es-en-br-fr-de-it-ru-cz-dk-fi-no-win.com
- Size
  
  705KB
- MD5
  
  b7c783df79f96d074affa41b888be8c5
- SHA1
  
  04f58ffad70797494d0cbacb5607afb2a50e67ff
- SHA256
  
  2f1aaf153e400de697cdd81e46b8436ff28adfc24ffff27a86e1c43e4034538f
- SHA512
  
  ae9c52f483a3dfc58c7b9ccf5c8c172ef307aebbba4bf855c9f132f3e2fffa5823d3ab868ea1b68d734ece447cd8ac51a8ca5b5f17efe1bcef7da86e7dce54ca
- SSDEEP
  
  12288:YF2crHSuZfzDN8Bh6jW+VqnoURMpJwGcjnCwMi0:e2ceUBiQi+AoUmp6vXMi0
Score

8^/10

persistence
- Modifies Installed Components in the registry
  persistence
- Registers new Print Monitor
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies system executable filetype association
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy