cryptolocker | ba1a0c0e8d7887e73c5dc27466516ed96eb6ee5490a6977498f060e6cb5b05f5 | Triage

Sharing

General

Target

2024-02-07_86771976a99148ecd44c3033fe04e02c_cryptolocker
Size

370KB
Sample

240207-kyvw1afcc8
MD5

86771976a99148ecd44c3033fe04e02c
SHA1

8e692c3c6af7840eab6080ed26d011820318c5e2
SHA256

ba1a0c0e8d7887e73c5dc27466516ed96eb6ee5490a6977498f060e6cb5b05f5
SHA512

448e9d6f040d77aeb99616acd64ebe7ddad39eb70212ce15828babf8d7c6d3e6835f42447a854482d29b3103d33e2a96c97c4198db6406cb29f5bd1658b4efff
SSDEEP

6144:lHrjZhghBCLlsBxFJWCDA/tHHTdtlXvdWgTO3x5N22vWvLRKKAX5l++SyVISD:BZhghBCMxFJWCE/tHzh/FT85I2vCMX5V

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  2024-02-07_86771976a99148ecd44c3033fe04e02c_cryptolocker
- Size
  
  370KB
- MD5
  
  86771976a99148ecd44c3033fe04e02c
- SHA1
  
  8e692c3c6af7840eab6080ed26d011820318c5e2
- SHA256
  
  ba1a0c0e8d7887e73c5dc27466516ed96eb6ee5490a6977498f060e6cb5b05f5
- SHA512
  
  448e9d6f040d77aeb99616acd64ebe7ddad39eb70212ce15828babf8d7c6d3e6835f42447a854482d29b3103d33e2a96c97c4198db6406cb29f5bd1658b4efff
- SSDEEP
  
  6144:lHrjZhghBCLlsBxFJWCDA/tHHTdtlXvdWgTO3x5N22vWvLRKKAX5l++SyVISD:BZhghBCMxFJWCE/tHzh/FT85I2vCMX5V
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptolockerpersistenceransomware

behavioral2

cryptolockerpersistenceransomware