General

  • Target

    2024-03-02_88e6167278358736fa4d97bb6565a859_cryptolocker

  • Size

    420KB

  • Sample

    240302-3hg93sag65

  • MD5

    88e6167278358736fa4d97bb6565a859

  • SHA1

    1c101c0566da79e001b98f54428bc62249c0d436

  • SHA256

    3b1ff12e997c8d1c689607526cf57b4486a2edea7f01c2428beee8cbcfb0b150

  • SHA512

    e6a177273948c082694209955c9508f8164a004a34f4483fba2dcb3c5ff61dba3708ac8887e1a57491507dfb63767c82433538fd802edfd4b24e5096f4b9296c

  • SSDEEP

    6144:CWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvCoCzfDOSBg:CWkEuCaNT85I2vCMX5l+ZRvUWl

Malware Config

Targets

    • CryptoLocker

      Ransomware family with multiple variants.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v13

  • Persistence

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks