787544c93352374c300ff9ae5e93a630a01ad9a41c5e86ff1432e9bbe76ee608 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-08_e10be17bbc76d571fc1dba85a465c9fb_cryptolocker
Size

34KB
Sample

240508-2bjznaaf9x
MD5

e10be17bbc76d571fc1dba85a465c9fb
SHA1

4aea65854520a6b26d69fdeaa7a05db79fbd2dac
SHA256

787544c93352374c300ff9ae5e93a630a01ad9a41c5e86ff1432e9bbe76ee608
SHA512

03e86fb6a9e1b4418a3803ef977ecf9bf4e3f77661c76eea8a748eb334cfaed012a026b08b141d8b26cfad210266c1fbe1c2f2e97ae17705bd90cd4f46447665
SSDEEP

384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznStEkcsgR5:b/yC4GyNM01GuQMNXw2PSjSKkcJR5

Score

10^/10

discovery

Malware Config

Targets

- Target
  
  2024-05-08_e10be17bbc76d571fc1dba85a465c9fb_cryptolocker
- Size
  
  34KB
- MD5
  
  e10be17bbc76d571fc1dba85a465c9fb
- SHA1
  
  4aea65854520a6b26d69fdeaa7a05db79fbd2dac
- SHA256
  
  787544c93352374c300ff9ae5e93a630a01ad9a41c5e86ff1432e9bbe76ee608
- SHA512
  
  03e86fb6a9e1b4418a3803ef977ecf9bf4e3f77661c76eea8a748eb334cfaed012a026b08b141d8b26cfad210266c1fbe1c2f2e97ae17705bd90cd4f46447665
- SSDEEP
  
  384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznStEkcsgR5:b/yC4GyNM01GuQMNXw2PSjSKkcJR5
Score

9^/10

discovery
- Detection of CryptoLocker Variants
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2