General
Target: 2024-04-19_ae28acab5a5cb7a2730ea8c264ccdf0d_cryptolocker
Size: 74KB
Sample: 240419-sdfkksfc54
MD5: ae28acab5a5cb7a2730ea8c264ccdf0d
SHA1: 3102afce7196cef15cc8aa37809787c55e48eb8b
SHA256: 374ab80c3582d9276ec25e4fb660d5be7ebb6808492bd343fa6457a821612be6
SHA512: bae7935e33a7bed8ba58c2049b9b05fbb7a1440327e74f1c9cb18d91542f440ae4d0733a8d1877f95de570fb8c6880b0691b2c4219c1cca82363986c623e8547
SSDEEP: 1536:P8mnK6QFElP6n+gymddpMOtEvwDpjIHsaleFj:1nK6a+qdOOtEvwDpjF
Behavioral task: behavioral1
Sample: 2024-04-19_ae28acab5a5cb7a2730ea8c264ccdf0d_cryptolocker.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 2024-04-19_ae28acab5a5cb7a2730ea8c264ccdf0d_cryptolocker.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted from: C:\Users\Admin\Downloads\@Please_Read_Me@.txt
Family: wannacry
Wallet: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
Target: 2024-04-19_ae28acab5a5cb7a2730ea8c264ccdf0d_cryptolocker
Signatures
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1
- Pre-OS Boot: 1
  - Bootkit: 1
Privilege Escalation
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1
Defense Evasion
- Indicator Removal: 1
  - File Deletion: 1
- File and Directory Permissions Modification: 1
- Modify Registry: 4
- Pre-OS Boot: 1
  - Bootkit: 1
- Hide Artifacts: 1
  - Hidden Files and Directories: 1