b160ef9db1e95c636eb7d476ede13f5babcabf9b3b6eb9fa85649e6fb8f41be0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-11_c1d9a7fbfa0030077e6c3ee05b8dbbaf_cryptolocker
Size

44KB
Sample

240911-mg1r2avelj
MD5

c1d9a7fbfa0030077e6c3ee05b8dbbaf
SHA1

f264f7c90ed1eae1df0d94173cdeda2dc9b335c6
SHA256

b160ef9db1e95c636eb7d476ede13f5babcabf9b3b6eb9fa85649e6fb8f41be0
SHA512

de1f7ffd09b3c165d5ebc95b3f7e83e73cbe606f22bba136e4fd9113445a1e846d63d3b89e51a65fc09faf5776a167852f3c50a6ec75d781f0b634ed22093c40
SSDEEP

768:b/yC4GyNM01GuQMNXw2PSjHPbSuYlW8PAwwh:b/pYayGig5HjS3NPAdh

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  2024-09-11_c1d9a7fbfa0030077e6c3ee05b8dbbaf_cryptolocker
- Size
  
  44KB
- MD5
  
  c1d9a7fbfa0030077e6c3ee05b8dbbaf
- SHA1
  
  f264f7c90ed1eae1df0d94173cdeda2dc9b335c6
- SHA256
  
  b160ef9db1e95c636eb7d476ede13f5babcabf9b3b6eb9fa85649e6fb8f41be0
- SHA512
  
  de1f7ffd09b3c165d5ebc95b3f7e83e73cbe606f22bba136e4fd9113445a1e846d63d3b89e51a65fc09faf5776a167852f3c50a6ec75d781f0b634ed22093c40
- SSDEEP
  
  768:b/yC4GyNM01GuQMNXw2PSjHPbSuYlW8PAwwh:b/pYayGig5HjS3NPAdh
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2