General

  • Target

    2024-01-25_460bece27acfd54bb18c1273981fd573_cryptolocker

  • Size

    68KB

  • Sample

    240125-wdtnzscaf4

  • MD5

    460bece27acfd54bb18c1273981fd573

  • SHA1

    a41c1912deb99a0cae0c33510bf64cc116719a4d

  • SHA256

    76ae47ac490af4532d0fe3e5816ab09e09b18f1f2cf4ce0b29da451a60366ba3

  • SHA512

    9410e6f3e6db78d22b67839d4a1827c505c6018abb39c0039836ac872d9519d13d1a0468cce67ea69076e47b450922dc46c234b8909670214a20c4166ba3d07b

  • SSDEEP

    1536:z6QFElP6n+gKmddpMOtEvwDpj9aYaFAeBE:z6a+CdOOtEvwDpjQC

Score
10/10

Targets

    • Kinsing

      Kinsing is a loader written in Golang.

    • Detection of CryptoLocker Variants

    • Detection of Cryptolocker Samples

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
