af4ff9e652c3368212d8ce1d0ed0fb7ee532aa9dddb8e63771d54191f81efe5d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-12_cf38897c7738a0844cf384013c871e8f_cryptolocker
Size

40KB
Sample

240512-fj4s5sch42
MD5

cf38897c7738a0844cf384013c871e8f
SHA1

d76243cbd831903563f420787f6a0c840787291a
SHA256

af4ff9e652c3368212d8ce1d0ed0fb7ee532aa9dddb8e63771d54191f81efe5d
SHA512

d2d9673740fe8ce88b5d07808cefb38bfd6558db0622175048a3f4383edae447f80dab904b77e532cbe6317fad26b55e03e13b867dc0e36b4bd0920c3354ff12
SSDEEP

768:UEEmoQDj/xnMp+yptndwe/PWQtOOtEvwDpjLeJAsKuDbj:ZzFbxmLPWQMOtEvwDpjLeJAsKcbj

Score

10^/10

Malware Config

Targets

- Target
  
  2024-05-12_cf38897c7738a0844cf384013c871e8f_cryptolocker
- Size
  
  40KB
- MD5
  
  cf38897c7738a0844cf384013c871e8f
- SHA1
  
  d76243cbd831903563f420787f6a0c840787291a
- SHA256
  
  af4ff9e652c3368212d8ce1d0ed0fb7ee532aa9dddb8e63771d54191f81efe5d
- SHA512
  
  d2d9673740fe8ce88b5d07808cefb38bfd6558db0622175048a3f4383edae447f80dab904b77e532cbe6317fad26b55e03e13b867dc0e36b4bd0920c3354ff12
- SSDEEP
  
  768:UEEmoQDj/xnMp+yptndwe/PWQtOOtEvwDpjLeJAsKuDbj:ZzFbxmLPWQMOtEvwDpjLeJAsKcbj
Score

9^/10
- Detection of CryptoLocker Variants
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2