General

  • Target

    2024-03-02_d370b7eb89b4b846814e2f401e6fd2da_cryptolocker

  • Size

    422KB

  • Sample

    240302-zs4z2shd8t

  • MD5

    d370b7eb89b4b846814e2f401e6fd2da

  • SHA1

    760fb2ffcbc2cad49311c41b36738077cf2a571b

  • SHA256

    800f1c7492fca5c04c332059f3fdb39970ce07e1cc5f5b9e8e2651492057587d

  • SHA512

    d9dfda95f316a1c6dd8aaa63481417cd99b552dde6bec061ee7b88b9f0eb9f2adcae3c098d7eb88a9b0c26db829d1ca2b84fc18c64ffdbc77fe104386b1f73b3

  • SSDEEP

    6144:gWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvC/mSAg:gWkEuCaNT85I2vCMX5l+ZRvim8

Malware Config

Targets

    • CryptoLocker

      Ransomware family with multiple variants.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 1

Tasks