General
-
Target
2024-05-23_6de4046f30c513f2907cfb8bcecd2eb5_cryptowall
-
Size
129KB
-
Sample
240523-lw3dqsce3z
-
MD5
6de4046f30c513f2907cfb8bcecd2eb5
-
SHA1
b382c47dc850dbb314224d29b83c454f42f4fbef
-
SHA256
1cae96dace01ef11ea003250d3cd9f9519821eff90e781fb6d179051ae7060fd
-
SHA512
6b13d1c553cc7d7555ae618c25d752a9315017e79de90cf9abdfc845f7c3dcbdd9d7d2a709da13e9c9fb2dbbd6483870dcbbff42f58e3d3f7545bc77223698d3
-
SSDEEP
3072:nhRpa+zd/EtzAAZ1rMAKlyDjH/B6SVqCgQfBUnPy8L66iiSB:nhbrdEt8ADrZDjH/B6SVqCgQfBUPy8Lu
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-23_6de4046f30c513f2907cfb8bcecd2eb5_cryptowall.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2024-05-23_6de4046f30c513f2907cfb8bcecd2eb5_cryptowall.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
2024-05-23_6de4046f30c513f2907cfb8bcecd2eb5_cryptowall
-
Size
129KB
-
MD5
6de4046f30c513f2907cfb8bcecd2eb5
-
SHA1
b382c47dc850dbb314224d29b83c454f42f4fbef
-
SHA256
1cae96dace01ef11ea003250d3cd9f9519821eff90e781fb6d179051ae7060fd
-
SHA512
6b13d1c553cc7d7555ae618c25d752a9315017e79de90cf9abdfc845f7c3dcbdd9d7d2a709da13e9c9fb2dbbd6483870dcbbff42f58e3d3f7545bc77223698d3
-
SSDEEP
3072:nhRpa+zd/EtzAAZ1rMAKlyDjH/B6SVqCgQfBUnPy8L66iiSB:nhbrdEt8ADrZDjH/B6SVqCgQfBUPy8Lu
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-