9169fa6d62422f0b281fc365e21e56f2c87dd2076b076238838ac5e2b1a2c31c | Triage

Sharing

General

Target

2024-01-26_ebba5c38f26e587d4a70f386ca9b0f32_cryptolocker
Size

65KB
Sample

240126-d8ejfaefbq
MD5

ebba5c38f26e587d4a70f386ca9b0f32
SHA1

f92c84e06bcf35e3025f7658e038c0a6e9ba2a02
SHA256

9169fa6d62422f0b281fc365e21e56f2c87dd2076b076238838ac5e2b1a2c31c
SHA512

bbe59a95cfcca95c09e257b51792995dd32439eccbd33f4c7f635ea0a5cedc6a385e34833ecc178914e31ed552897c430ba91e9c06a8b93393c4f73afe8a504f
SSDEEP

1536:ZzFbxmLPWQMOtEvwDpj386Sj/WprgJN6tZdOyJ3hvLcbVN:ZVxkGOtEvwDpjcawn

Score

10^/10

Malware Config

Targets

- Target
  
  2024-01-26_ebba5c38f26e587d4a70f386ca9b0f32_cryptolocker
- Size
  
  65KB
- MD5
  
  ebba5c38f26e587d4a70f386ca9b0f32
- SHA1
  
  f92c84e06bcf35e3025f7658e038c0a6e9ba2a02
- SHA256
  
  9169fa6d62422f0b281fc365e21e56f2c87dd2076b076238838ac5e2b1a2c31c
- SHA512
  
  bbe59a95cfcca95c09e257b51792995dd32439eccbd33f4c7f635ea0a5cedc6a385e34833ecc178914e31ed552897c430ba91e9c06a8b93393c4f73afe8a504f
- SSDEEP
  
  1536:ZzFbxmLPWQMOtEvwDpj386Sj/WprgJN6tZdOyJ3hvLcbVN:ZVxkGOtEvwDpjcawn
Score

9^/10
- Detection of CryptoLocker Variants
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2