cryptolocker | 1a48bcf78ceddecbf00755997e9472994bd9eba90926b22b490e9bd5152d1e54 | Triage

Sharing

General

Target

2024-03-02_b5d9a91d2e61d2b837b0dbecd39f5588_cryptolocker
Size

403KB
Sample

240302-q36rysdh9t
MD5

b5d9a91d2e61d2b837b0dbecd39f5588
SHA1

600e012e873a9561d98dc46d4d4dee02659a3cf2
SHA256

1a48bcf78ceddecbf00755997e9472994bd9eba90926b22b490e9bd5152d1e54
SHA512

02d47a21690723baec621f6de78bb69eedd73e56013853a058d4644e75c81ee2e8428b8bf1affec91c5c3df1cf8188a4a70d8969f891bf0f87ddd403f84d4e69
SSDEEP

6144:MWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvCguCAbbr7:MWkEuCaNT85I2vCMX5l+ZRv3uCAbv7

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  2024-03-02_b5d9a91d2e61d2b837b0dbecd39f5588_cryptolocker
- Size
  
  403KB
- MD5
  
  b5d9a91d2e61d2b837b0dbecd39f5588
- SHA1
  
  600e012e873a9561d98dc46d4d4dee02659a3cf2
- SHA256
  
  1a48bcf78ceddecbf00755997e9472994bd9eba90926b22b490e9bd5152d1e54
- SHA512
  
  02d47a21690723baec621f6de78bb69eedd73e56013853a058d4644e75c81ee2e8428b8bf1affec91c5c3df1cf8188a4a70d8969f891bf0f87ddd403f84d4e69
- SSDEEP
  
  6144:MWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvCguCAbbr7:MWkEuCaNT85I2vCMX5l+ZRv3uCAbv7
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptolockerpersistenceransomware

behavioral2

cryptolockerpersistenceransomware