cryptolocker | cdad190f06ceb7a0c815839ef4fe0f3eb5bd321029c26f3b383df40e372020ec | Triage

Sharing

General

Target

2024-03-02_e63cee3c43ab030204a2dc8ca8eea364_cryptolocker
Size

395KB
Sample

240302-v5dleaga39
MD5

e63cee3c43ab030204a2dc8ca8eea364
SHA1

0f828cbc2da95c5e9592e5cf2a376fbb99cd0743
SHA256

cdad190f06ceb7a0c815839ef4fe0f3eb5bd321029c26f3b383df40e372020ec
SHA512

503026f8083838b6c806795f66d0d8633071013f3ca14ca44dc9fbc081da7700c5915b8ac59561362a0f0ce55a9720ece764312138fcd10985de3839465c8aed
SSDEEP

6144:VWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvC2slIQ3a+:VWkEuCaNT85I2vCMX5l+ZRvXsKQ3a+

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  2024-03-02_e63cee3c43ab030204a2dc8ca8eea364_cryptolocker
- Size
  
  395KB
- MD5
  
  e63cee3c43ab030204a2dc8ca8eea364
- SHA1
  
  0f828cbc2da95c5e9592e5cf2a376fbb99cd0743
- SHA256
  
  cdad190f06ceb7a0c815839ef4fe0f3eb5bd321029c26f3b383df40e372020ec
- SHA512
  
  503026f8083838b6c806795f66d0d8633071013f3ca14ca44dc9fbc081da7700c5915b8ac59561362a0f0ce55a9720ece764312138fcd10985de3839465c8aed
- SSDEEP
  
  6144:VWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvC2slIQ3a+:VWkEuCaNT85I2vCMX5l+ZRvXsKQ3a+
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cryptolockerpersistenceransomware

behavioral2

cryptolockerpersistenceransomware