cryptolocker | e3fa90f7c598daab4c168eabb4dbc9f95ee89b28b857e27c9f1f30ab3b38e915 | Triage

Sharing

General

Target

a060be447351d0e1fdb71f45e8cc3619.bin
Size

415KB
Sample

240304-djvjcsha78
MD5

a060be447351d0e1fdb71f45e8cc3619
SHA1

45179b3f489d99bee2d33def800f7d6978ba9bc3
SHA256

e3fa90f7c598daab4c168eabb4dbc9f95ee89b28b857e27c9f1f30ab3b38e915
SHA512

5fbacdc82196e088a27165be1243fbc78fe797721bce458e654ad96a8c9e00f59154844f15f402ea8fe99b141ff922272c5a8979404864edbed49e7cdf81f4e6
SSDEEP

6144:iWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvCOivgUOCo7nuao4S0b28BW7z:iWkEuCaNT85I2vCMX5l+ZRv/S

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  a060be447351d0e1fdb71f45e8cc3619.bin
- Size
  
  415KB
- MD5
  
  a060be447351d0e1fdb71f45e8cc3619
- SHA1
  
  45179b3f489d99bee2d33def800f7d6978ba9bc3
- SHA256
  
  e3fa90f7c598daab4c168eabb4dbc9f95ee89b28b857e27c9f1f30ab3b38e915
- SHA512
  
  5fbacdc82196e088a27165be1243fbc78fe797721bce458e654ad96a8c9e00f59154844f15f402ea8fe99b141ff922272c5a8979404864edbed49e7cdf81f4e6
- SSDEEP
  
  6144:iWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvCOivgUOCo7nuao4S0b28BW7z:iWkEuCaNT85I2vCMX5l+ZRv/S
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cryptolockerpersistenceransomware

behavioral2

cryptolockerpersistenceransomware