General
-
Target
2024-02-17_2c392bc9a01f35e498e3acadf8599755_cryptolocker
-
Size
128KB
-
Sample
240217-nk3apseb6z
-
MD5
2c392bc9a01f35e498e3acadf8599755
-
SHA1
f54edd9ae15b2f9eddb55722d75ff47b3408c34e
-
SHA256
d6d3e6bf0b6e1905b704cd0912ef9cc2d326512a706f14e9a1ac3940b9134ab7
-
SHA512
44ed681256d3b953f23551ef3eedfd2490e088d89d5f82312aacf40ccbbbd18e4cc885236522a4099476604aaa409099b1bf7ecaef6df8dee13a740c6477ca43
-
SSDEEP
1536:qkmnpomddpMOtEvwDpjJGYQbN/PKwNgp699GNtL1eeW:AnBdOOtEvwDpj6zj
Behavioral task
behavioral1
Sample
2024-02-17_2c392bc9a01f35e498e3acadf8599755_cryptolocker.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2024-02-17_2c392bc9a01f35e498e3acadf8599755_cryptolocker.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
Target
2024-02-17_2c392bc9a01f35e498e3acadf8599755_cryptolocker
-
Score
9/10
-
Detection of CryptoLocker Variants
-
Detection of Cryptolocker Samples
-
UPX dump on OEP (original entry point)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-