cryptolocker | 73fdb5cbf654176f8e733b164a8870ddce42f76f8a6827756ce5764510cc95bd | Triage

Sharing

General

Target

watch
Size

881KB
Sample

240227-25lqcadh7z
MD5

bdbf42e182d9df0212f956f4580ae73d
SHA1

f389280d7626714f95488112e8eb4cd2f5e37308
SHA256

73fdb5cbf654176f8e733b164a8870ddce42f76f8a6827756ce5764510cc95bd
SHA512

ca65cd4d97c26e2bf389bf263fdcfe3cee1186b7ed239b5778d235a7d3a7e51991665711c4d9743160f4af51ee669db4c0f2c04934ee0645afd72f2bb31bd30e
SSDEEP

12288:huspsJsUsls+sas/sysQm23Sc8oLqKqgV0fGB7sfdQ:ham23F8oAGZ

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  watch
- Size
  
  881KB
- MD5
  
  bdbf42e182d9df0212f956f4580ae73d
- SHA1
  
  f389280d7626714f95488112e8eb4cd2f5e37308
- SHA256
  
  73fdb5cbf654176f8e733b164a8870ddce42f76f8a6827756ce5764510cc95bd
- SHA512
  
  ca65cd4d97c26e2bf389bf263fdcfe3cee1186b7ed239b5778d235a7d3a7e51991665711c4d9743160f4af51ee669db4c0f2c04934ee0645afd72f2bb31bd30e
- SSDEEP
  
  12288:huspsJsUsls+sas/sysQm23Sc8oLqKqgV0fGB7sfdQ:ham23F8oAGZ
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cryptolockerpersistenceransomware