cryptolocker | c09966a6b365f7c93e2bbb5a6c462691f10661329646c91434efbd31b2db99de | Triage

Resubmissions

07-03-2024 21:34

240307-1ezzlsee68 10

07-03-2024 21:00

240307-zta4csdh24 10

Sharing

General

Target

MalwareCollection-0.0.1.zip
Size

56.2MB
Sample

240307-zta4csdh24
MD5

88f17afe4c79bd252df59787a44bd6fb
SHA1

68e5e902cb32f3be55d6d20e613477431fe49281
SHA256

c09966a6b365f7c93e2bbb5a6c462691f10661329646c91434efbd31b2db99de
SHA512

ea33b69cedfb41f843a26204233f58f64ee0f6d0441ab86439c7da08c21c32356277346b8ae166e6cffe700c9717fad80410ead08c6f108b522d50c4bcb53db4
SSDEEP

1572864:2N/Ihce+bPdytxk8Gq4+/34speZ0jq2hkv71Cg8a6Egsc:Y/Le+bPdytxkRqh/34sprjVq1C31Egsc

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  Ransomware.CryptoLocker.exe
- Size
  
  338KB
- MD5
  
  04fb36199787f2e3e2135611a38321eb
- SHA1
  
  65559245709fe98052eb284577f1fd61c01ad20d
- SHA256
  
  d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9
- SHA512
  
  533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444
- SSDEEP
  
  6144:sWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvC:sWkEuCaNT85I2vCMX5l+ZRv
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cryptolockerpersistenceransomware

behavioral2

cryptolockerpersistenceransomware