cryptolocker | c79945126775a6167e1b3ec32231d7bed8f3a0288c1f11cac4066bd9fbbb1bdd | Triage

Sharing

General

Target

Ransomware.CryptoLocker.zip
Size

279KB
Sample

231005-m89h9acd62
MD5

6e15a34aa02c1299cd12253de377e0eb
SHA1

dcebc477a7cc5c6f77d5cce4925806375b0114f0
SHA256

c79945126775a6167e1b3ec32231d7bed8f3a0288c1f11cac4066bd9fbbb1bdd
SHA512

da1a7e8a5e9719ee6a9152c8e044b9f6bacc095935ab2adfb7dae2807b31c1062a1de9a13ab6eef45eae6c266e69f1aedd984cf9c5795d4d412218a1e0e3c70e
SSDEEP

6144:tUvYPlKwnC17bMPiTlvYhRjU/k6dTBPMcjP/M70ynYi6GO:tUvrEklQhRg/xYWP/MwAvHO

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  Ransomware.CryptoLocker.exe
- Size
  
  338KB
- MD5
  
  04fb36199787f2e3e2135611a38321eb
- SHA1
  
  65559245709fe98052eb284577f1fd61c01ad20d
- SHA256
  
  d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9
- SHA512
  
  533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444
- SSDEEP
  
  6144:sWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvC:sWkEuCaNT85I2vCMX5l+ZRv
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptolockerpersistenceransomware

behavioral2

cryptolockerpersistenceransomware