ctblocker | 4a0b83817f7e10ccaf4f73a8317c132fef767f646b5669e28d509c935910ef79

Sharing

Copy URL

Twitter E-mail

General

Target

0b040905485bcc34a06f2e9ad2f04917_JaffaCakes118
Size

766KB
Sample

241002-ra5jvstdjb
MD5

0b040905485bcc34a06f2e9ad2f04917
SHA1

b09140f7d7441e8585d9ca379a5a915357af82af
SHA256

4a0b83817f7e10ccaf4f73a8317c132fef767f646b5669e28d509c935910ef79
SHA512

0f1a854af2e5423f50b124bf274905569e8e4c03eee91e2e23c384234e2b19c8f249b117f033f1ee59f6214d7ca9a2554189f4af009d0bb929feb9c952648052
SSDEEP

12288:5pezD/g+2FEvIuAOGA6ZEL+X+JLBI+ULp3g7lFVBMbLPNqnsb65yP/hizdOGrld9:5p0/p4eAxxOTI+Mhg7lKHVqsUyPpGdOG

Score

10^/10

Malware Config

Targets

- Target
  
  Fattura 00384788-0849838.pdf.exe
- Size
  
  867KB
- MD5
  
  921023d253b6dfac1eaabe38f3b36a45
- SHA1
  
  82ae601f2eb5202a5314feffb2a9bd07c5f33327
- SHA256
  
  a2deb60615b3bd20beeb9253547a41c0a970139bfb59d9f88854b8b61880ead1
- SHA512
  
  86229692b51a24e3f29aec482f6aca2109cf98031011a5bc71b756ee1417fe0200c179bde3adfd9dd72dcb5edd553abb98a5c6845b1c42d3e7672038fb7bc115
- SSDEEP
  
  24576:+XH+j3CgxpmJI+QhQ3r+HVqQUEHpGzOUPZ:Jj3CgxpNhN16EHpCx
Score

10^/10

ctblocker defense_evasion discovery execution impact ransomware
- CTB-Locker
  Ransomware family which uses Tor to hide its C2 communications.
  ransomware ctblocker
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  883eff06ac96966270731e4e22817e11
- SHA1
  
  523c87c98236cbc04430e87ec19b977595092ac8
- SHA256
  
  44e5dfd551b38e886214bd6b9c8ee913c4c4d1f085a6575d97c3e892b925da82
- SHA512
  
  60333253342476911c84bbc1d9bf8a29f811207787fdd6107dce8d2b6e031669303f28133ffc811971ed7792087fe90fb1faabc0af4e91c298ba51e28109a390
- SSDEEP
  
  96:UPDYcJ+nx4vVp76JX7zBlkCg21Fxz4THxtrqw1at0JgwLEjo+OB3yUVCdl/wNj+l:UPtkuWJX7zB3kGwfy0nyUVsxCjOMb1u
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  NsResize.dll
- Size
  
  60KB
- MD5
  
  9c655b0c142db0494026c1ebb1b3923f
- SHA1
  
  2dbebe42968e78200688e40ab5b8d25bf8e0b4df
- SHA256
  
  ef2d114896f07fc20aed5c3045754de0103813aa31bedb188262cec6fb3263dd
- SHA512
  
  51d7efab18f6909daf61534befa2e20eec437c24114f7c21b383004806d4b8869dc12395a972965c89dbeb66fe0282833207b5aa93ec7f085ca7054d0a0d9f1d
- SSDEEP
  
  768:qGFZmKGqWJ0hYkuyws9yon9dmkVL8L+vR/2nArYDRjrn9To+:q6mfmYkuX3onDmkVLm+o7DB9To
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  default_hash.js
- Size
  
  136B
- MD5
  
  06a09bda9d5dd7dba611b2dd460d545e
- SHA1
  
  73946d0150e298464b8a55a107bb22be6368029c
- SHA256
  
  c062646586359c92950920a9e5a51bcec73afeb863dc01337a88adadc789f05e
- SHA512
  
  b104418ebc3eabf7a3d4aae3a23bdeea63d0118f56397e3763318397baa0b59ed5756a354a922c2c6206636ab761197e379e6fa5b4aa7cf2a60c24416a2ad459
Score

1^/10
behavioral10 behavioral7 behavioral8 behavioral9