cryptolocker | 52529731c9efe8195b73ccff56562453b513d85d85b5bc2643e91cc1431a15ad | Triage

Sharing

General

Target

b96d73c84ccbd9f3e1ec466891504108.bin
Size

412KB
Sample

240304-d8ybjshg52
MD5

b96d73c84ccbd9f3e1ec466891504108
SHA1

a894f16e89f3a92857700ee995c71072c01e2e97
SHA256

52529731c9efe8195b73ccff56562453b513d85d85b5bc2643e91cc1431a15ad
SHA512

eef43a7e1ef99120d7b22daaa9d5ab216b6620d91aac0a1576f7e1f0db994e537c0ced4a9d0b388eeab69a51142ecd66870ed753ecaf6d4adbeacd8d9eec27ee
SSDEEP

6144:2Wmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvCKp4p3bpyjzx4oQD4Slg:2WkEuCaNT85I2vCMX5l+ZRvnfd

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  b96d73c84ccbd9f3e1ec466891504108.bin
- Size
  
  412KB
- MD5
  
  b96d73c84ccbd9f3e1ec466891504108
- SHA1
  
  a894f16e89f3a92857700ee995c71072c01e2e97
- SHA256
  
  52529731c9efe8195b73ccff56562453b513d85d85b5bc2643e91cc1431a15ad
- SHA512
  
  eef43a7e1ef99120d7b22daaa9d5ab216b6620d91aac0a1576f7e1f0db994e537c0ced4a9d0b388eeab69a51142ecd66870ed753ecaf6d4adbeacd8d9eec27ee
- SSDEEP
  
  6144:2Wmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvCKp4p3bpyjzx4oQD4Slg:2WkEuCaNT85I2vCMX5l+ZRvnfd
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cryptolockerpersistenceransomware

behavioral2

cryptolockerpersistenceransomware