97e614ba95c1ff59ca4b0a2c810d23a032db15b87b3f085b7f8df8a8864e1c1e | Triage

Sharing

General

Target

2024-10-05_b1eca4ae906fd5778427633d4588a1de_cryptolocker
Size

30KB
Sample

241005-1pdt5atell
MD5

b1eca4ae906fd5778427633d4588a1de
SHA1

ba958fe4df7fa970072ebb0c292ed65474436973
SHA256

97e614ba95c1ff59ca4b0a2c810d23a032db15b87b3f085b7f8df8a8864e1c1e
SHA512

26faafc49438bb8b5449730554b579d7a3ca80162d3d6b3be2bb38b9238d2032b93c1e827cf908c2c559bdf77c7255de89f75391a336604eca69049377d5fbb0
SSDEEP

384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznCa:b/yC4GyNM01GuQMNXw2PSjH

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  2024-10-05_b1eca4ae906fd5778427633d4588a1de_cryptolocker
- Size
  
  30KB
- MD5
  
  b1eca4ae906fd5778427633d4588a1de
- SHA1
  
  ba958fe4df7fa970072ebb0c292ed65474436973
- SHA256
  
  97e614ba95c1ff59ca4b0a2c810d23a032db15b87b3f085b7f8df8a8864e1c1e
- SHA512
  
  26faafc49438bb8b5449730554b579d7a3ca80162d3d6b3be2bb38b9238d2032b93c1e827cf908c2c559bdf77c7255de89f75391a336604eca69049377d5fbb0
- SSDEEP
  
  384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznCa:b/yC4GyNM01GuQMNXw2PSjH
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2