cryptolocker | 800f1c7492fca5c04c332059f3fdb39970ce07e1cc5f5b9e8e2651492057587d | Triage

Sharing

General

Target

d370b7eb89b4b846814e2f401e6fd2da.bin
Size

422KB
Sample

240304-esaqzshe2y
MD5

d370b7eb89b4b846814e2f401e6fd2da
SHA1

760fb2ffcbc2cad49311c41b36738077cf2a571b
SHA256

800f1c7492fca5c04c332059f3fdb39970ce07e1cc5f5b9e8e2651492057587d
SHA512

d9dfda95f316a1c6dd8aaa63481417cd99b552dde6bec061ee7b88b9f0eb9f2adcae3c098d7eb88a9b0c26db829d1ca2b84fc18c64ffdbc77fe104386b1f73b3
SSDEEP

6144:gWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvC/mSAg:gWkEuCaNT85I2vCMX5l+ZRvim8

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  d370b7eb89b4b846814e2f401e6fd2da.bin
- Size
  
  422KB
- MD5
  
  d370b7eb89b4b846814e2f401e6fd2da
- SHA1
  
  760fb2ffcbc2cad49311c41b36738077cf2a571b
- SHA256
  
  800f1c7492fca5c04c332059f3fdb39970ce07e1cc5f5b9e8e2651492057587d
- SHA512
  
  d9dfda95f316a1c6dd8aaa63481417cd99b552dde6bec061ee7b88b9f0eb9f2adcae3c098d7eb88a9b0c26db829d1ca2b84fc18c64ffdbc77fe104386b1f73b3
- SSDEEP
  
  6144:gWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvC/mSAg:gWkEuCaNT85I2vCMX5l+ZRvim8
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptolockerpersistenceransomware

behavioral2

cryptolockerpersistenceransomware