General

  • Target

    2024-05-22_a2d005f1d20479cc19c5c822c1179163_cryptolocker

  • Size

    64KB

  • Sample

    240522-c7z83saa2z

  • MD5

    a2d005f1d20479cc19c5c822c1179163

  • SHA1

    02e50fa5a538d181c178306bbb65bae4d08e6812

  • SHA256

    8deb4a62c6d75a4af231149b2a7e708ff892e56c69cd8b5a6a2dcc2b96bec1bf

  • SHA512

    1de335c4c6213be212e07fd2a0b263d13ab4940dacdd7c2a21bc5348626bb9462b35d15d4b7bb14564aad17895dc656d37a7adad95b360a471aff790f4ededb4

  • SSDEEP

    1536:qmbhXDmjr5MOtEvwDpj5cDtKkQZQRKb61vSbgtsin:BbdDmjr+OtEvwDpjM8y

Score
10/10

Malware Config

Targets

    Score
    9/10

    • Detection of CryptoLocker Variants

    • Detection of Cryptolocker Samples

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry: T1012 (1)

  • System Information Discovery: T1082 (2)

Tasks