General
-
Target
2024-01-29_ef6b80a6e65b4db6e72f28dc90c3c485_cryptolocker
-
Size
39KB
-
Sample
240129-c289sshebr
-
MD5
ef6b80a6e65b4db6e72f28dc90c3c485
-
SHA1
4cd40c2f7cc1cc20708aef99e41acb53d312287f
-
SHA256
3ac57ee5cc53287cb8dd96b445ace415809ebc484f712d2b94d70644c913b6cc
-
SHA512
5159bc5615432bfb92c7c95b4f475cd170b612e70e751bea186d0400d37140dd14671f6bce99bd390e7e8a63a30b239ba82c48cfea225e29c87b1d5987a10f29
-
SSDEEP
768:TS5nQJ24LR7tOOtEvwDpjGqPhqlcnvgpnGi:m5nkFNMOtEvwDpjG8hgpz
Malware Config
Targets
-
-
Target
2024-01-29_ef6b80a6e65b4db6e72f28dc90c3c485_cryptolocker
-
Size
39KB
-
MD5
ef6b80a6e65b4db6e72f28dc90c3c485
-
SHA1
4cd40c2f7cc1cc20708aef99e41acb53d312287f
-
SHA256
3ac57ee5cc53287cb8dd96b445ace415809ebc484f712d2b94d70644c913b6cc
-
SHA512
5159bc5615432bfb92c7c95b4f475cd170b612e70e751bea186d0400d37140dd14671f6bce99bd390e7e8a63a30b239ba82c48cfea225e29c87b1d5987a10f29
-
SSDEEP
768:TS5nQJ24LR7tOOtEvwDpjGqPhqlcnvgpnGi:m5nkFNMOtEvwDpjG8hgpz
Score9/10-
Detection of CryptoLocker Variants
-
Detection of Cryptolocker Samples
-
Detects executables built or packed with MPress PE compressor
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-