cryptolocker | 60f4de6a343a174eebb2455834b4333103d0159b5a975f793e98b91bcc96594a | Triage

Sharing

General

Target

8bd61c883e9ffc637c7dd0bf7ab93d6b
Size

696KB
Sample

231222-pk72maabar
MD5

8bd61c883e9ffc637c7dd0bf7ab93d6b
SHA1

fd2fcc0d26d4aff9adbed3b57befb2568222ff38
SHA256

60f4de6a343a174eebb2455834b4333103d0159b5a975f793e98b91bcc96594a
SHA512

e37e32b1bf6b6a63ec02855cf540d7c188b308c332efd63b82a32b2344b7d8d0fdd9a2eade329d7ac682a2ab4133dac19fbf2c1a5bdb2d6d6b37402a4628bd49
SSDEEP

12288:IsmFRVtoSeN6hocevUGQ8zRNXnf8HWpKKXNAh/gEHjE:IsgvEVcevrsiKmWh/g+

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  8bd61c883e9ffc637c7dd0bf7ab93d6b
- Size
  
  696KB
- MD5
  
  8bd61c883e9ffc637c7dd0bf7ab93d6b
- SHA1
  
  fd2fcc0d26d4aff9adbed3b57befb2568222ff38
- SHA256
  
  60f4de6a343a174eebb2455834b4333103d0159b5a975f793e98b91bcc96594a
- SHA512
  
  e37e32b1bf6b6a63ec02855cf540d7c188b308c332efd63b82a32b2344b7d8d0fdd9a2eade329d7ac682a2ab4133dac19fbf2c1a5bdb2d6d6b37402a4628bd49
- SSDEEP
  
  12288:IsmFRVtoSeN6hocevUGQ8zRNXnf8HWpKKXNAh/gEHjE:IsgvEVcevrsiKmWh/g+
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptolockerpersistenceransomware

behavioral2

cryptolockerpersistenceransomware