General
- Target: cryptolocker-ransomware-4-16-5-es-en-br-fr-de-it-ru-cz-dk-fi-no-win.com
- Size: 705KB
- Sample: 230331-ykke1ach92
- MD5: b7c783df79f96d074affa41b888be8c5
- SHA1: 04f58ffad70797494d0cbacb5607afb2a50e67ff
- SHA256: 2f1aaf153e400de697cdd81e46b8436ff28adfc24ffff27a86e1c43e4034538f
- SHA512: ae9c52f483a3dfc58c7b9ccf5c8c172ef307aebbba4bf855c9f132f3e2fffa5823d3ab868ea1b68d734ece447cd8ac51a8ca5b5f17efe1bcef7da86e7dce54ca
- SSDEEP: 12288:YF2crHSuZfzDN8Bh6jW+VqnoURMpJwGcjnCwMi0:e2ceUBiQi+AoUmp6vXMi0
Static task: static1
Behavioral task: behavioral1
- Sample: cryptolocker-ransomware-4-16-5-es-en-br-fr-de-it-ru-cz-dk-fi-no-win.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: cryptolocker-ransomware-4-16-5-es-en-br-fr-de-it-ru-cz-dk-fi-no-win.exe
- Resource: win10v2004-20230221-en
Malware Config
Targets
- Target: cryptolocker-ransomware-4-16-5-es-en-br-fr-de-it-ru-cz-dk-fi-no-win.com
Score: 8/10
- Modifies Installed Components in the registry
- Registers new Print Monitor
- Checks computer location settings
  - Looks up country code configured in the registry, likely geofence.
- Modifies system executable filetype association
- Enumerates connected drives
  - Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory