f407889b58ed2ef3ddc8926bd3bff16360bb4eab0a8ae871ad80b0c81adec090 | Triage

Sharing

General

Target

2024-05-21_e43a46b41d806c076a1f7469fac561fc_cryptolocker
Size

32KB
Sample

240521-yerbcsgc83
MD5

e43a46b41d806c076a1f7469fac561fc
SHA1

f32f578b7bca97d99f5c4eeb6b64b10be02dcc21
SHA256

f407889b58ed2ef3ddc8926bd3bff16360bb4eab0a8ae871ad80b0c81adec090
SHA512

e00adf84aaf5a928b9539e810f473e781d2f00e7f032454a15ed0639343b703d4b72a3def9943fdca9ef9a8dee681f842778070df6eda4bc9bb1c19692b910a9
SSDEEP

384:bAvMaNGh4z7CG3POOvbRSLoF/F0QU5XYFnufc/zzo6cJ3v75:bAvJCYOOvbRPDEgXRcJt

Score

10^/10

Malware Config

Targets

- Target
  
  2024-05-21_e43a46b41d806c076a1f7469fac561fc_cryptolocker
- Size
  
  32KB
- MD5
  
  e43a46b41d806c076a1f7469fac561fc
- SHA1
  
  f32f578b7bca97d99f5c4eeb6b64b10be02dcc21
- SHA256
  
  f407889b58ed2ef3ddc8926bd3bff16360bb4eab0a8ae871ad80b0c81adec090
- SHA512
  
  e00adf84aaf5a928b9539e810f473e781d2f00e7f032454a15ed0639343b703d4b72a3def9943fdca9ef9a8dee681f842778070df6eda4bc9bb1c19692b910a9
- SSDEEP
  
  384:bAvMaNGh4z7CG3POOvbRSLoF/F0QU5XYFnufc/zzo6cJ3v75:bAvJCYOOvbRPDEgXRcJt
Score

9^/10
- Detection of CryptoLocker Variants
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2