cryptolocker | 9345dca87ef550116e235df4675ffd44110d5c6060c5bc0e100c1d1c279d5e8e | Triage

Sharing

General

Target

e83149488595683e0c78febb79881ed5.bin
Size

390KB
Sample

240304-fdfjcsba44
MD5

e83149488595683e0c78febb79881ed5
SHA1

32d867c375c50d906c4a5d08f8bd96012548ecde
SHA256

9345dca87ef550116e235df4675ffd44110d5c6060c5bc0e100c1d1c279d5e8e
SHA512

12e16991a414d3eb4b1a961f18548b6dd0b052767b253b33a63f646b904a41940ad9cfeca7b9028e224e42be3cf1982ce21a0899e420717b84d31b4429e415ce
SSDEEP

6144:oWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvCPD4SsSOg:oWkEuCaNT85I2vCMX5l+ZRv//G

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  e83149488595683e0c78febb79881ed5.bin
- Size
  
  390KB
- MD5
  
  e83149488595683e0c78febb79881ed5
- SHA1
  
  32d867c375c50d906c4a5d08f8bd96012548ecde
- SHA256
  
  9345dca87ef550116e235df4675ffd44110d5c6060c5bc0e100c1d1c279d5e8e
- SHA512
  
  12e16991a414d3eb4b1a961f18548b6dd0b052767b253b33a63f646b904a41940ad9cfeca7b9028e224e42be3cf1982ce21a0899e420717b84d31b4429e415ce
- SSDEEP
  
  6144:oWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvCPD4SsSOg:oWkEuCaNT85I2vCMX5l+ZRv//G
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cryptolockerpersistenceransomware

behavioral2

cryptolockerpersistenceransomware