General

  • Target

    2024-06-03_f29a1bfc40bab59affda1ebcc11e6f8d_cryptolocker

  • Size

    95KB

  • Sample

    240603-nz6xfade2z

  • MD5

    f29a1bfc40bab59affda1ebcc11e6f8d

  • SHA1

    2c3f8cc69c5554c492eb65638376ca7a5314e0ea

  • SHA256

    e175cc87c6993e69b52072214418c1675364b9d373552f2cc4303cf20594d658

  • SHA512

    a46b912fe2ceac0bf3fb641be32c0d78bd1c81d8bbb24b96efdd830e7c51207ed8d70b7740007370b259da3049fb5f76f7184b21902573a851c0a2db9e8338e1

  • SSDEEP

    1536:qkmnpomddpMOtEvwDpjJGYQbN/PKwNgp0+H:AnBdOOtEvwDpj6zE

Score
10/10

Tags
upx

Malware Config

Targets

    • Target

      2024-06-03_f29a1bfc40bab59affda1ebcc11e6f8d_cryptolocker

    • Size

      95KB

    • MD5

      f29a1bfc40bab59affda1ebcc11e6f8d

    • SHA1

      2c3f8cc69c5554c492eb65638376ca7a5314e0ea

    • SHA256

      e175cc87c6993e69b52072214418c1675364b9d373552f2cc4303cf20594d658

    • SHA512

      a46b912fe2ceac0bf3fb641be32c0d78bd1c81d8bbb24b96efdd830e7c51207ed8d70b7740007370b259da3049fb5f76f7184b21902573a851c0a2db9e8338e1

    • SSDEEP

      1536:qkmnpomddpMOtEvwDpjJGYQbN/PKwNgp0+H:AnBdOOtEvwDpj6zE

    Score
    9/10
    • Detection of CryptoLocker Variants

    • Detection of Cryptolocker Samples

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15
