General
-
Target
2024-03-07_fd3a38f41f40502f227379941a0ccf73_cryptolocker
-
Size
4.5MB
-
Sample
240307-xreyescc6x
-
MD5
fd3a38f41f40502f227379941a0ccf73
-
SHA1
8bc1f06c483ad02c0b5fa5ccfdc0cf1720bcf139
-
SHA256
ddccf0f97e1eeec6ab990c6511b4cf92153834dec627dbdf21eebb5107ee2a0e
-
SHA512
079bc713d099f51beec5c5174651f7b0a36b8ad728597b5ef54dd99f77f21d462119a4815de4250c957182aea1cb95cdd23fb7cf3771a06eb69e997e11e826a7
-
SSDEEP
98304:g/ZFIjBzldUfs/ZFIjBz7jSZD1tU7ymTP:g/ZFIjBzF/ZFIjBzPEUusP
Malware Config
Targets
-
-
Target
2024-03-07_fd3a38f41f40502f227379941a0ccf73_cryptolocker
-
Size
4.5MB
-
MD5
fd3a38f41f40502f227379941a0ccf73
-
SHA1
8bc1f06c483ad02c0b5fa5ccfdc0cf1720bcf139
-
SHA256
ddccf0f97e1eeec6ab990c6511b4cf92153834dec627dbdf21eebb5107ee2a0e
-
SHA512
079bc713d099f51beec5c5174651f7b0a36b8ad728597b5ef54dd99f77f21d462119a4815de4250c957182aea1cb95cdd23fb7cf3771a06eb69e997e11e826a7
-
SSDEEP
98304:g/ZFIjBzldUfs/ZFIjBz7jSZD1tU7ymTP:g/ZFIjBzF/ZFIjBzPEUusP
Score9/10-
Detection of CryptoLocker Variants
-
Detects executables built or packed with MPress PE compressor
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-