732a3f4f5c24fcf36cfb1c411ff83ffcff98f6327ec51cfd62b48e9c5cd8c241 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-26_c3ca7a835b31f8afbe30906184c9e83b_cryptolocker
Size

31KB
Sample

240126-kfwqkshhb2
MD5

c3ca7a835b31f8afbe30906184c9e83b
SHA1

f36090253348b83c9502942c62dbfcdaac97857d
SHA256

732a3f4f5c24fcf36cfb1c411ff83ffcff98f6327ec51cfd62b48e9c5cd8c241
SHA512

54437157af4792c62bfdce78201609022a80160b1c3d15e8f2d9f465fc924cfe2d51b44f64d4cadcc9a997527b1fb1f87397130702758e015c827c6ade21425f
SSDEEP

384:bAvMaNGh4z7CG3POOvbRSLoF/F0QU5XYFnufc/zzo6cuM98t:bAvJCYOOvbRPDEgXRcuM98t

Score

10^/10

Malware Config

Targets

- Target
  
  2024-01-26_c3ca7a835b31f8afbe30906184c9e83b_cryptolocker
- Size
  
  31KB
- MD5
  
  c3ca7a835b31f8afbe30906184c9e83b
- SHA1
  
  f36090253348b83c9502942c62dbfcdaac97857d
- SHA256
  
  732a3f4f5c24fcf36cfb1c411ff83ffcff98f6327ec51cfd62b48e9c5cd8c241
- SHA512
  
  54437157af4792c62bfdce78201609022a80160b1c3d15e8f2d9f465fc924cfe2d51b44f64d4cadcc9a997527b1fb1f87397130702758e015c827c6ade21425f
- SSDEEP
  
  384:bAvMaNGh4z7CG3POOvbRSLoF/F0QU5XYFnufc/zzo6cuM98t:bAvJCYOOvbRPDEgXRcuM98t
Score

9^/10
- Detection of CryptoLocker Variants
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2