General
-
Target
2024-02-04_f9d7a4c14974282f96cab2585f200eb4_cryptolocker
-
Size
4.5MB
-
Sample
240204-yhszcsbedj
-
MD5
f9d7a4c14974282f96cab2585f200eb4
-
SHA1
217ccf430083328bc82ac696b8885e6c7ddab6f6
-
SHA256
5613edcddee9cffbab9e58c82eef670bb2b82454037e33637dda2c648c63e705
-
SHA512
3cd3bbac1f24450b970d4fb9b9bd7c825a557715decbaf61128f3b14d6a24097fa5e61b4e78273b391e3c9bb437794be670d0f5ee416a6439ce50ca18463fb54
-
SSDEEP
98304:g/ZFIjBzldUfs/ZFIjBz7jSZD1tU7ymTD:g/ZFIjBzF/ZFIjBzPEUusD
Malware Config
Targets
-
-
Target
2024-02-04_f9d7a4c14974282f96cab2585f200eb4_cryptolocker
-
Size
4.5MB
-
MD5
f9d7a4c14974282f96cab2585f200eb4
-
SHA1
217ccf430083328bc82ac696b8885e6c7ddab6f6
-
SHA256
5613edcddee9cffbab9e58c82eef670bb2b82454037e33637dda2c648c63e705
-
SHA512
3cd3bbac1f24450b970d4fb9b9bd7c825a557715decbaf61128f3b14d6a24097fa5e61b4e78273b391e3c9bb437794be670d0f5ee416a6439ce50ca18463fb54
-
SSDEEP
98304:g/ZFIjBzldUfs/ZFIjBz7jSZD1tU7ymTD:g/ZFIjBzF/ZFIjBzPEUusD
Score9/10-
Detection of CryptoLocker Variants
-
Detects executables built or packed with MPress PE compressor
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-