cryptolocker | ddb9b850fa0eee2f62463728b07bffc11eaa9b241d215029eaddf1de4ec54936 | Triage

Resubmissions

28-04-2023 22:43

230428-2npexaaf6v 10

06-04-2023 16:54

230406-vennpafh61 10

Sharing

General

Target

CryptoLocker_10Sep2013.zip
Size

282KB
Sample

230406-vennpafh61
MD5

22078ff56e3fcd674ec4b9322a7dee5b
SHA1

3a5d07577b40e85047dcfb0bd03a6fc23e7cc671
SHA256

ddb9b850fa0eee2f62463728b07bffc11eaa9b241d215029eaddf1de4ec54936
SHA512

6e1f260057ba8f8eb4568fac513f0b49094ae387d9a555c2600a75df00d1c091506e77dab58f36908b1c0cbfebb1d82984f915741c1a8b790f5f6c82f64add5e
SSDEEP

6144:WUCoUrZ5JGadcmBrwTbp7zgJxhlgL4U569Lmg7KCrrJRj+AP8:WUgrfJGadfByZzgJxhl1U569Lf7KCGA0

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  {71257279-042b-371d-a1d3-fbf8d2fadffa}.exe
- Size
  
  338KB
- MD5
  
  04fb36199787f2e3e2135611a38321eb
- SHA1
  
  65559245709fe98052eb284577f1fd61c01ad20d
- SHA256
  
  d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9
- SHA512
  
  533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444
- SSDEEP
  
  6144:sWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvC:sWkEuCaNT85I2vCMX5l+ZRv
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptolockerpersistenceransomware