400531b588a8bf13cfa7f35b9155ee229b4ca187244639480e06a04a3761fde8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-05_db8e69df2794a70d9b8600e35954c796_cryptolocker
Size

40KB
Sample

240405-jk595sfb56
MD5

db8e69df2794a70d9b8600e35954c796
SHA1

e9f7963c6780b694a116f80a655e2ca21d19c8bc
SHA256

400531b588a8bf13cfa7f35b9155ee229b4ca187244639480e06a04a3761fde8
SHA512

c45d02190a399d79eae19035899a5d8e13b89fc6df6028043402444b0723ea9a27c3f00df4c2d4038df1db10f64278a6d655fbb6620011920c6ef51dcb3f3099
SSDEEP

768:UEEmoQDj/xnMp+yptndwe/PWQtOOtEvwDpjLenQLJJEykJ:ZzFbxmLPWQMOtEvwDpjLeU3EZ

Score

10^/10

Malware Config

Targets

- Target
  
  2024-04-05_db8e69df2794a70d9b8600e35954c796_cryptolocker
- Size
  
  40KB
- MD5
  
  db8e69df2794a70d9b8600e35954c796
- SHA1
  
  e9f7963c6780b694a116f80a655e2ca21d19c8bc
- SHA256
  
  400531b588a8bf13cfa7f35b9155ee229b4ca187244639480e06a04a3761fde8
- SHA512
  
  c45d02190a399d79eae19035899a5d8e13b89fc6df6028043402444b0723ea9a27c3f00df4c2d4038df1db10f64278a6d655fbb6620011920c6ef51dcb3f3099
- SSDEEP
  
  768:UEEmoQDj/xnMp+yptndwe/PWQtOOtEvwDpjLenQLJJEykJ:ZzFbxmLPWQMOtEvwDpjLeU3EZ
Score

9^/10
- Detection of CryptoLocker Variants
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2