cryptolocker | 41c7d90bca58b1c919ec1e69888fd1ea969b11fdec6d4830500c7f60101caba9 | Triage

Sharing

General

Target

2024-01-10_df9034a728ae85bc8b989b525fbcf699_cryptolocker
Size

338KB
Sample

240111-gnz67aaber
MD5

df9034a728ae85bc8b989b525fbcf699
SHA1

1a8316dc5d4cbb8af8aa6f67c5905d53696380d3
SHA256

41c7d90bca58b1c919ec1e69888fd1ea969b11fdec6d4830500c7f60101caba9
SHA512

01c5c10c085b840813479a407d8b053d553816aadd03459590663026dc41bb1f355116c249ed67da0f4b7615f606bdd19ce7ee253bb5ebbf77c5e1341c43985b
SSDEEP

6144:sWmw0DuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvC:sWkDuCaNT85I2vCMX5l+ZRv

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  2024-01-10_df9034a728ae85bc8b989b525fbcf699_cryptolocker
- Size
  
  338KB
- MD5
  
  df9034a728ae85bc8b989b525fbcf699
- SHA1
  
  1a8316dc5d4cbb8af8aa6f67c5905d53696380d3
- SHA256
  
  41c7d90bca58b1c919ec1e69888fd1ea969b11fdec6d4830500c7f60101caba9
- SHA512
  
  01c5c10c085b840813479a407d8b053d553816aadd03459590663026dc41bb1f355116c249ed67da0f4b7615f606bdd19ce7ee253bb5ebbf77c5e1341c43985b
- SSDEEP
  
  6144:sWmw0DuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvC:sWkDuCaNT85I2vCMX5l+ZRv
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cryptolockerpersistenceransomware

behavioral2