General
-
Target
2024-06-05_deaa6dfcb4027d9f290c99aea3da7405_cryptolocker
-
Size
37KB
-
Sample
240605-fhg8rafe94
-
MD5
deaa6dfcb4027d9f290c99aea3da7405
-
SHA1
ac20c94e6f478f2cbcde6d4990f9555efc46a66d
-
SHA256
743f672b413b3950c98ec222a46f7ab90ce923e3abaa8869250f6dae862947db
-
SHA512
a90d77ed463368bed3ecbda79bd0ff384f6cd5f4852cb66b66dfa71c847ee5e059dd678faa9401599514f79df263d12af72f3fecc647d7f367371fde20223c40
-
SSDEEP
768:qUmnjFom/kLyMro2GtOOtEvwDpjeMLam5axK3VKIN:qUmnpomddpMOtEvwDpjjaYaQJN
Behavioral task
behavioral1
Sample
2024-06-05_deaa6dfcb4027d9f290c99aea3da7405_cryptolocker.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2024-06-05_deaa6dfcb4027d9f290c99aea3da7405_cryptolocker.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
Target
2024-06-05_deaa6dfcb4027d9f290c99aea3da7405_cryptolocker
Score
9/10
-
Detection of CryptoLocker Variants
-
Detection of Cryptolocker Samples
-
UPX dump on OEP (original entry point)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-