Overview

overview

10

Static

static

3

2024-02-07...er.exe

windows7-x64

10

2024-02-07...er.exe

windows10-2004-x64

10

Resubmissions

08-02-2024 19:01

240208-xpql5sbb94 10

07-02-2024 09:01

240207-ky1r9afcd2 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-02-07_e89be3c49a4a6b1bdfd5a75f4ba47ceb_cryptolocker

  • Size

    370KB

  • Sample

    240207-ky1r9afcd2

  • MD5

    e89be3c49a4a6b1bdfd5a75f4ba47ceb

  • SHA1

    e903d24265e56113706bfde379a6f2a6acb1851e

  • SHA256

    c6a557f58591a6cb419bf81687d42c922fcc4dd870873d8692c78e88c71caaec

  • SHA512

    34a2049345596e810b5a72e8141a7ec233f95d7639c09beab8d21c06cef5a1b6490491e447e3564cbefce05cd5d58807e898985a49819ad49e84d1e056163d0b

  • SSDEEP

    6144:lHrjZhghBCLlsBxFJWCDA/tHHTdrXvdWgTO3x5N22vWvLRKKAX5l++SyVISD:BZhghBCMxFJWCE/tHz9/FT85I2vCMX5V

Score
10/10
cryptolockerpersistenceransomware

Malware Config

Targets

    • Target

      2024-02-07_e89be3c49a4a6b1bdfd5a75f4ba47ceb_cryptolocker

    • Size

      370KB

    • MD5

      e89be3c49a4a6b1bdfd5a75f4ba47ceb

    • SHA1

      e903d24265e56113706bfde379a6f2a6acb1851e

    • SHA256

      c6a557f58591a6cb419bf81687d42c922fcc4dd870873d8692c78e88c71caaec

    • SHA512

      34a2049345596e810b5a72e8141a7ec233f95d7639c09beab8d21c06cef5a1b6490491e447e3564cbefce05cd5d58807e898985a49819ad49e84d1e056163d0b

    • SSDEEP

      6144:lHrjZhghBCLlsBxFJWCDA/tHHTdrXvdWgTO3x5N22vWvLRKKAX5l++SyVISD:BZhghBCMxFJWCE/tHz9/FT85I2vCMX5V

    Score
    10/10
    cryptolockerpersistenceransomware

    • CryptoLocker

      Ransomware family with multiple variants.

      ransomwarecryptolocker

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks