cryptolocker | 73fdb5cbf654176f8e733b164a8870ddce42f76f8a6827756ce5764510cc95bd | Triage

Sharing

General

Target

watch
Size

881KB
Sample

240227-25lqcadh7z
MD5

bdbf42e182d9df0212f956f4580ae73d
SHA1

f389280d7626714f95488112e8eb4cd2f5e37308
SHA256

73fdb5cbf654176f8e733b164a8870ddce42f76f8a6827756ce5764510cc95bd
SHA512

ca65cd4d97c26e2bf389bf263fdcfe3cee1186b7ed239b5778d235a7d3a7e51991665711c4d9743160f4af51ee669db4c0f2c04934ee0645afd72f2bb31bd30e
SSDEEP

12288:huspsJsUsls+sas/sysQm23Sc8oLqKqgV0fGB7sfdQ:ham23F8oAGZ

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  watch
- Size
  
  881KB
- MD5
  
  bdbf42e182d9df0212f956f4580ae73d
- SHA1
  
  f389280d7626714f95488112e8eb4cd2f5e37308
- SHA256
  
  73fdb5cbf654176f8e733b164a8870ddce42f76f8a6827756ce5764510cc95bd
- SHA512
  
  ca65cd4d97c26e2bf389bf263fdcfe3cee1186b7ed239b5778d235a7d3a7e51991665711c4d9743160f4af51ee669db4c0f2c04934ee0645afd72f2bb31bd30e
- SSDEEP
  
  12288:huspsJsUsls+sas/sysQm23Sc8oLqKqgV0fGB7sfdQ:ham23F8oAGZ
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

cryptolockerpersistenceransomware