Overview

overview

10

Static

static

1

IMG_6379.jpg

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IMG_6379.JPG

  • Size

    64KB

  • Sample

    240716-ql7ypavbnn

  • MD5

    1971a9fa46b03df71b590fd211817adc

  • SHA1

    363aa57eaf9d8963572be55a10114601baefbbe8

  • SHA256

    4ee8c3ed538e667169cda655d98c325f57ebdb0ddff396727618f242f2a07f5c

  • SHA512

    2ba1519141804882c5d98235041c1a00af0b6dc9c288c3971ac04576af0d0e7589498b672b450ab48288b8f08eb2cc956732614d03bda0a77662d31fd589c5ff

  • SSDEEP

    1536:8FS65tu1C8stds96Sos0EKxk8n4eEpV3c/IIem5Y8OtJqGl:8FS65c1X+et/Kxnn9EpVs/IIem530JX

Score
10/10
ctblockerdiscoverylinkpdfransomware

Malware Config

Targets

    • Target

      IMG_6379.JPG

    • Size

      64KB

    • MD5

      1971a9fa46b03df71b590fd211817adc

    • SHA1

      363aa57eaf9d8963572be55a10114601baefbbe8

    • SHA256

      4ee8c3ed538e667169cda655d98c325f57ebdb0ddff396727618f242f2a07f5c

    • SHA512

      2ba1519141804882c5d98235041c1a00af0b6dc9c288c3971ac04576af0d0e7589498b672b450ab48288b8f08eb2cc956732614d03bda0a77662d31fd589c5ff

    • SSDEEP

      1536:8FS65tu1C8stds96Sos0EKxk8n4eEpV3c/IIem5Y8OtJqGl:8FS65c1X+et/Kxnn9EpVs/IIem530JX

    Score
    10/10
    ctblockerdiscoverylinkpdfransomware

    • CTB-Locker

      Ransomware family which uses Tor to hide its C2 communications.

      ransomwarectblocker

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks