cryptolocker | 3b1ff12e997c8d1c689607526cf57b4486a2edea7f01c2428beee8cbcfb0b150 | Triage

Sharing

General

Target

2024-03-02_88e6167278358736fa4d97bb6565a859_cryptolocker
Size

420KB
Sample

240302-3hg93sag65
MD5

88e6167278358736fa4d97bb6565a859
SHA1

1c101c0566da79e001b98f54428bc62249c0d436
SHA256

3b1ff12e997c8d1c689607526cf57b4486a2edea7f01c2428beee8cbcfb0b150
SHA512

e6a177273948c082694209955c9508f8164a004a34f4483fba2dcb3c5ff61dba3708ac8887e1a57491507dfb63767c82433538fd802edfd4b24e5096f4b9296c
SSDEEP

6144:CWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvCoCzfDOSBg:CWkEuCaNT85I2vCMX5l+ZRvUWl

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  2024-03-02_88e6167278358736fa4d97bb6565a859_cryptolocker
- Size
  
  420KB
- MD5
  
  88e6167278358736fa4d97bb6565a859
- SHA1
  
  1c101c0566da79e001b98f54428bc62249c0d436
- SHA256
  
  3b1ff12e997c8d1c689607526cf57b4486a2edea7f01c2428beee8cbcfb0b150
- SHA512
  
  e6a177273948c082694209955c9508f8164a004a34f4483fba2dcb3c5ff61dba3708ac8887e1a57491507dfb63767c82433538fd802edfd4b24e5096f4b9296c
- SSDEEP
  
  6144:CWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvCoCzfDOSBg:CWkEuCaNT85I2vCMX5l+ZRvUWl
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cryptolockerpersistenceransomware

behavioral2

cryptolockerpersistenceransomware