General

  • Target

    2024-05-23_a14971857ddb76929a2813a9dd417b69_cryptolocker

  • Size

    55KB

  • Sample

    240523-c37glaah3w

  • MD5

    a14971857ddb76929a2813a9dd417b69

  • SHA1

    0f177cc3affc13687e109acd8ac0aab8a70cdd12

  • SHA256

    b2e4c0bf5300551384617ac57f2d526ed7950d55bf507009fd78559b48da1fb2

  • SHA512

    e8ba2dec0c7ea79af86534719d16c2058492e2964c600ceaeef59bc4daba2dc08d57ff3ffd68609566aa0261bd8ba46e0db23a2183c550c5be6c209c9d0055fe

  • SSDEEP

    768:lQz7yVEhs9+4uR1bytOOtEvwDpjWfbP/bmq:lj+VGMOtEvwDpjubXbmq

Score
10/10

Malware Config

Targets

    • Target

      2024-05-23_a14971857ddb76929a2813a9dd417b69_cryptolocker (size and hashes identical to the General section above)

    Score
    9/10
    • Detection of CryptoLocker Variants

    • Detection of Cryptolocker Samples

    • Detects executables built or packed with MPress PE compressor

    • Checks computer location settings

      Reads the country code configured in the registry, most likely a geofence check (deciding whether to run based on the victim's locale).

    • Executes dropped EXE

    • Loads dropped DLL
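The two things an analyst would do first with this report are confirm that a file on disk is the sample (the MD5/SHA1/SHA256 listed above) and reproduce the "packed with MPress" signature. The following is an added example written for this page, not sandbox or vendor code. It relies on the documented behaviour of the MPress compressor, which names its sections ".MPRESS1" and ".MPRESS2"; the PE image it builds is a constructed header-only stub for demonstration and is not the analysed sample.

```python
"""Offline PE triage helper: hash a file against the report's IOCs and
flag MPRESS-packed executables by their characteristic section names.

Added example for this report (not sandbox code). The sample PE bytes
built by build_fake_pe() are constructed here and are NOT the sample.
"""
import hashlib
import struct

# Hashes published in the report above (the expected IOCs).
REPORT_HASHES = {
    "md5": "a14971857ddb76929a2813a9dd417b69",
    "sha1": "0f177cc3affc13687e109acd8ac0aab8a70cdd12",
    "sha256": "b2e4c0bf5300551384617ac57f2d526ed7950d55bf507009fd78559b48da1fb2",
}

# Section names the MPress PE compressor writes into packed binaries.
MPRESS_SECTIONS = {b".MPRESS1", b".MPRESS2"}


def file_hashes(data: bytes) -> dict:
    """Compute the same digest set the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every listed digest matches (no partial matches)."""
    actual = file_hashes(data)
    return all(actual[k] == v for k, v in expected.items())


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, or [] if it is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                       # start of COFF file header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    sect = coff + 20 + opt_size               # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = sect + i * 40                   # each section header is 40 bytes
        if off + 40 > len(data):
            break                             # truncated header table
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def is_mpress_packed(data: bytes) -> bool:
    """Heuristic: any MPress-named section means the file was MPress-packed."""
    return any(n in MPRESS_SECTIONS for n in pe_section_names(data))


def build_fake_pe(section_names) -> bytes:
    """Construct a minimal, non-executable PE image with the given sections
    (constructed test input, not real malware)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader (0: header-only stub), Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    packed = build_fake_pe([b".MPRESS1", b".MPRESS2", b".rsrc"])
    print("sections:", pe_section_names(packed))
    print("mpress packed:", is_mpress_packed(packed))
    print("matches report hashes:", matches_report(packed))
```

To use it on a real file, pass `open(path, "rb").read()` to `matches_report()` and `is_mpress_packed()`. The section-name check is a heuristic only: a packer stub can be renamed, so treat a negative result as "not obviously MPress", not as proof of an unpacked binary.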

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

    • T1553 Subvert Trust Controls (1)

    • T1553.004 Install Root Certificate (1)

    • T1112 Modify Registry (1)

Discovery

    • T1012 Query Registry (1)

    • T1082 System Information Discovery (2)
