50a5fa0da790c475a225fb512744d39fa7a21e5a1c1ee7d4a7365ffeab7ba8e5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-24_d31e212e8057d68c173637ba71b2a04a_cryptolocker
Size

34KB
Sample

240724-bttcyatcjf
MD5

d31e212e8057d68c173637ba71b2a04a
SHA1

f4ed1d0cacbf689ac06ee9ece244bda2a90e389b
SHA256

50a5fa0da790c475a225fb512744d39fa7a21e5a1c1ee7d4a7365ffeab7ba8e5
SHA512

1de5ee5f51c5c0b7dd0c212fb1d51ef527a989d37a606abdebe12a1a18963724a59b08005e5dff1c87c4006acf11a5d6cf0ca76a5ce9916ab50e4e2f55ef53a1
SSDEEP

384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznStEkcsgYKzNw:b/yC4GyNM01GuQMNXw2PSjSKkcJYK6

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  2024-07-24_d31e212e8057d68c173637ba71b2a04a_cryptolocker
- Size
  
  34KB
- MD5
  
  d31e212e8057d68c173637ba71b2a04a
- SHA1
  
  f4ed1d0cacbf689ac06ee9ece244bda2a90e389b
- SHA256
  
  50a5fa0da790c475a225fb512744d39fa7a21e5a1c1ee7d4a7365ffeab7ba8e5
- SHA512
  
  1de5ee5f51c5c0b7dd0c212fb1d51ef527a989d37a606abdebe12a1a18963724a59b08005e5dff1c87c4006acf11a5d6cf0ca76a5ce9916ab50e4e2f55ef53a1
- SSDEEP
  
  384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznStEkcsgYKzNw:b/yC4GyNM01GuQMNXw2PSjSKkcJYK6
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2