e3a1498a355988dc0808abe2ed8f06c0ebf256fa9f5dc52f1ed9662fd30f5086 | Triage

Sharing

General

Target

2024-05-22_ab0f9c1a51e2cd504d3fcc4bfc58b96a_cryptolocker
Size

42KB
Sample

240522-zfymhafh64
MD5

ab0f9c1a51e2cd504d3fcc4bfc58b96a
SHA1

b68f833f0aaa948201c9afe836e7f436b0e4663a
SHA256

e3a1498a355988dc0808abe2ed8f06c0ebf256fa9f5dc52f1ed9662fd30f5086
SHA512

95eefc4736da0781fab89f3d83517b350ac0610fcf1968fe66550c5f55b0547987dd9a71bae70793d75ebeb91c66a2ace2fdf7d0cb7f06a290072f37e3ee069f
SSDEEP

768:UEEmoQDj/xnMp+yptndwe/PWQtOOtEvwDpjLeJAsKuDb7xLg:ZzFbxmLPWQMOtEvwDpjLeJAsKcb7G

Score

10^/10

Malware Config

Targets

- Target
  
  2024-05-22_ab0f9c1a51e2cd504d3fcc4bfc58b96a_cryptolocker
- Size
  
  42KB
- MD5
  
  ab0f9c1a51e2cd504d3fcc4bfc58b96a
- SHA1
  
  b68f833f0aaa948201c9afe836e7f436b0e4663a
- SHA256
  
  e3a1498a355988dc0808abe2ed8f06c0ebf256fa9f5dc52f1ed9662fd30f5086
- SHA512
  
  95eefc4736da0781fab89f3d83517b350ac0610fcf1968fe66550c5f55b0547987dd9a71bae70793d75ebeb91c66a2ace2fdf7d0cb7f06a290072f37e3ee069f
- SSDEEP
  
  768:UEEmoQDj/xnMp+yptndwe/PWQtOOtEvwDpjLeJAsKuDb7xLg:ZzFbxmLPWQMOtEvwDpjLeJAsKcb7G
Score

9^/10
- Detection of CryptoLocker Variants
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2