cryptolocker | 7d87771c0bdc3feac638f692586a1317b8d6d9bb69ed28819154c43051dc7c80 | Triage

Sharing

General

Target

2024-03-02_5dfd753473751da0685dbc79709a5087_cryptolocker
Size

385KB
Sample

240302-vdpvcsfe87
MD5

5dfd753473751da0685dbc79709a5087
SHA1

34eb0c24f08390fe7a9c3238cf4d02e45ec12719
SHA256

7d87771c0bdc3feac638f692586a1317b8d6d9bb69ed28819154c43051dc7c80
SHA512

a3a60af967ce5255d7fd2aef3a88422187a8949192c8ebcbc89ac44dceabb5afa0a00968f43cf4e648774cf26a7399ad090ef84c264acfb2f9e4724cc3edaccb
SSDEEP

6144:JWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvCbZRY:JWkEuCaNT85I2vCMX5l+ZRvyZRY

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  2024-03-02_5dfd753473751da0685dbc79709a5087_cryptolocker
- Size
  
  385KB
- MD5
  
  5dfd753473751da0685dbc79709a5087
- SHA1
  
  34eb0c24f08390fe7a9c3238cf4d02e45ec12719
- SHA256
  
  7d87771c0bdc3feac638f692586a1317b8d6d9bb69ed28819154c43051dc7c80
- SHA512
  
  a3a60af967ce5255d7fd2aef3a88422187a8949192c8ebcbc89ac44dceabb5afa0a00968f43cf4e648774cf26a7399ad090ef84c264acfb2f9e4724cc3edaccb
- SSDEEP
  
  6144:JWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvCbZRY:JWkEuCaNT85I2vCMX5l+ZRvyZRY
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptolockerpersistenceransomware

behavioral2

cryptolockerpersistenceransomware