General
-
Target
2024-04-30_21c0a081658f024a30ad731ebef9831d_cryptolocker
-
Size
81KB
-
Sample
240430-c1j9aaaa79
-
MD5
21c0a081658f024a30ad731ebef9831d
-
SHA1
09e9b91402ca06cede822327aa2f4682d2197dd5
-
SHA256
b88f884e4fedc3e7f632d4f82f3b6182cb16e1567a3cb648e75d1f34329ab344
-
SHA512
6457ff268e54646ae3b9a880c9d5c8bca8b2412f42d898ed07858ac34768b814d2b090ba86c0dc1948a2fc414e7b62362f65b94055688a2799af032668e374a4
-
SSDEEP
1536:zj+soPSMOtEvwDpj4ktBl01hJ0tq1ky7Qp2CEb:zCsanOtEvwDpjw
Behavioral task
behavioral1
Sample
2024-04-30_21c0a081658f024a30ad731ebef9831d_cryptolocker.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
2024-04-30_21c0a081658f024a30ad731ebef9831d_cryptolocker.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
Target
2024-04-30_21c0a081658f024a30ad731ebef9831d_cryptolocker
-
Score
9/10
-
Detection of CryptoLocker Variants
-
Detection of Cryptolocker Samples
-
UPX dump on OEP (original entry point)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-