Overview

overview

10

Static

static

3

{71257279-...a}.exe

windows7-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CryptoLocker_10Sep2013.zip

  • Size

    282KB

  • Sample

    230720-c2mqsscd35

  • MD5

    22078ff56e3fcd674ec4b9322a7dee5b

  • SHA1

    3a5d07577b40e85047dcfb0bd03a6fc23e7cc671

  • SHA256

    ddb9b850fa0eee2f62463728b07bffc11eaa9b241d215029eaddf1de4ec54936

  • SHA512

    6e1f260057ba8f8eb4568fac513f0b49094ae387d9a555c2600a75df00d1c091506e77dab58f36908b1c0cbfebb1d82984f915741c1a8b790f5f6c82f64add5e

  • SSDEEP

    6144:WUCoUrZ5JGadcmBrwTbp7zgJxhlgL4U569Lmg7KCrrJRj+AP8:WUgrfJGadfByZzgJxhl1U569Lf7KCGA0

Score
10/10
cryptolockerpersistenceransomware

Malware Config

Targets

    • Target

      {71257279-042b-371d-a1d3-fbf8d2fadffa}.exe

    • Size

      338KB

    • MD5

      04fb36199787f2e3e2135611a38321eb

    • SHA1

      65559245709fe98052eb284577f1fd61c01ad20d

    • SHA256

      d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9

    • SHA512

      533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444

    • SSDEEP

      6144:sWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvC:sWkEuCaNT85I2vCMX5l+ZRv

    Score
    10/10
    cryptolockerpersistenceransomware

    • CryptoLocker

      Ransomware family with multiple variants.

      ransomwarecryptolocker

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks