65499573707cc31b51b9da2d7e6ffffc414dcbfe47a1dfc5dcdca8af8b43379f | Triage

Sharing

General

Target

2024-11-02_ba165cf4e4ae56fadf888d74c974a357_cryptolocker
Size

34KB
Sample

241102-g3r45azdpg
MD5

ba165cf4e4ae56fadf888d74c974a357
SHA1

495d9b8c2cc9dec853a8ed42c94c032fb948524c
SHA256

65499573707cc31b51b9da2d7e6ffffc414dcbfe47a1dfc5dcdca8af8b43379f
SHA512

cbab8379ddb95d1bda037f2c5c447c00ebd914a873d904991d62f37d90489b0a57d80d640b307158eda129ef8867eb5190446f058f697a8bfeee8bdc28c50c8f
SSDEEP

384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznStEEr9VE/cop:b/yC4GyNM01GuQMNXw2PSjSKEBVE/cK

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  2024-11-02_ba165cf4e4ae56fadf888d74c974a357_cryptolocker
- Size
  
  34KB
- MD5
  
  ba165cf4e4ae56fadf888d74c974a357
- SHA1
  
  495d9b8c2cc9dec853a8ed42c94c032fb948524c
- SHA256
  
  65499573707cc31b51b9da2d7e6ffffc414dcbfe47a1dfc5dcdca8af8b43379f
- SHA512
  
  cbab8379ddb95d1bda037f2c5c447c00ebd914a873d904991d62f37d90489b0a57d80d640b307158eda129ef8867eb5190446f058f697a8bfeee8bdc28c50c8f
- SSDEEP
  
  384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznStEEr9VE/cop:b/yC4GyNM01GuQMNXw2PSjSKEBVE/cK
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2