cryptolocker | 8c5a5efc1302ebe59ee2436ea5cd65694eba58c055b4fa94d7a06b910871e122 | Triage

Sharing

General

Target

2024-01-09_c55dbd8b7162ec25f7e83e16cf1d57c5_cryptolocker
Size

338KB
Sample

240110-gqyfdaadh4
MD5

c55dbd8b7162ec25f7e83e16cf1d57c5
SHA1

375eafc974ac75d7656982912c11bf67e46a2f99
SHA256

8c5a5efc1302ebe59ee2436ea5cd65694eba58c055b4fa94d7a06b910871e122
SHA512

971b2c69ffe147d1b4f6c12c128b5dc6b642a0d8c7f7a5410c1589a3f4839fbf0d9a9aa3664008b1d95fd7bcdeb7fc6603123e57e658ff59d3f2e026425283bc
SSDEEP

6144:sWmw04uCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvC:sWk4uCaNT85I2vCMX5l+ZRv

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  2024-01-09_c55dbd8b7162ec25f7e83e16cf1d57c5_cryptolocker
- Size
  
  338KB
- MD5
  
  c55dbd8b7162ec25f7e83e16cf1d57c5
- SHA1
  
  375eafc974ac75d7656982912c11bf67e46a2f99
- SHA256
  
  8c5a5efc1302ebe59ee2436ea5cd65694eba58c055b4fa94d7a06b910871e122
- SHA512
  
  971b2c69ffe147d1b4f6c12c128b5dc6b642a0d8c7f7a5410c1589a3f4839fbf0d9a9aa3664008b1d95fd7bcdeb7fc6603123e57e658ff59d3f2e026425283bc
- SSDEEP
  
  6144:sWmw04uCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvC:sWk4uCaNT85I2vCMX5l+ZRv
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptolockerpersistenceransomware

behavioral2

cryptolockerpersistenceransomware