ctblocker | bd73f27673d98e8d9fb20bec3ef0dd4456e33eefead3839a68c2228a5c1686ab

Sharing

Copy URL

Twitter E-mail

General

Target

bcd9fa9f553a16595cdc8138cbc57a05_JaffaCakes118
Size

781KB
Sample

241203-ly1ypazpdw
MD5

bcd9fa9f553a16595cdc8138cbc57a05
SHA1

f1dbc1e41e2b1a587785473fbee8b44c44b9dc14
SHA256

bd73f27673d98e8d9fb20bec3ef0dd4456e33eefead3839a68c2228a5c1686ab
SHA512

723a53a0af7ec185d1dd2fe3369fc83584eb22e600b3b8196e15bd5991f09813c75dc0854b0af3c9c34fc8ca303d5df56f7047fbc50b646064671aa5c70e1d4b
SSDEEP

24576:XMGnp32Wyylm04ohyFufJ8V8FISkWduPuKIHTrwcm/DX6QC:XZZyAmqcFuxeI7+h9B/DK

Score

10^/10

Malware Config

Targets

- Target
  
  Fattura 00384788-00849838.pdf.exe
- Size
  
  884KB
- MD5
  
  23c1fa39c8cb4a46d54b2c9ea9df952d
- SHA1
  
  815dfd495271d7792e5d0dbb3e78a14bf4a8fd90
- SHA256
  
  97be6754d010714743932afa3f4ea308e2f0b19212e8b8b150af7cdd3383f44b
- SHA512
  
  78106662327d856f05bc98bc700ab0f5d719fd2365c46db26400ad140b96004a86acd9831cba3799de4eeffa959c82c5ee557c1a1db266f79c49aa4b910e5d60
- SSDEEP
  
  24576:dRHuj2I8hyf+fJGV8HiukodYP+gIHB7wcmZtpU:2jL8cf+xIsDWlVBZt6
Score

10^/10

ctblocker defense_evasion discovery execution impact ransomware
- CTB-Locker
  Ransomware family which uses Tor to hide its C2 communications.
  ransomware ctblocker
- Ctblocker family
  ctblocker
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  eee2912bd1ee421cf1f1dfb1cc327d97
- SHA1
  
  c5d3741ddb195718c9b17923eb6abfb7a732bdc1
- SHA256
  
  e560384c5298ee2123e8340e716b2c4680f51b4d0347995ba3290dbd1130c6c0
- SHA512
  
  1808a068386c790d8ad5096d9fededcfa6e5688e3a68f2499418456c9cafd7b837c811298e6570212155b4a3d6038c1749cfcd9d1b86f090f66d1a5301adecb2
- SSDEEP
  
  192:qcOqh13v5z+dHeMR2QwHu5S9i/yULWWBZYJCSJyejPK72dwF7dBKEw:qcD13v5SdHeMRRKkwsejP+BV
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  883eff06ac96966270731e4e22817e11
- SHA1
  
  523c87c98236cbc04430e87ec19b977595092ac8
- SHA256
  
  44e5dfd551b38e886214bd6b9c8ee913c4c4d1f085a6575d97c3e892b925da82
- SHA512
  
  60333253342476911c84bbc1d9bf8a29f811207787fdd6107dce8d2b6e031669303f28133ffc811971ed7792087fe90fb1faabc0af4e91c298ba51e28109a390
- SSDEEP
  
  96:UPDYcJ+nx4vVp76JX7zBlkCg21Fxz4THxtrqw1at0JgwLEjo+OB3yUVCdl/wNj+l:UPtkuWJX7zB3kGwfy0nyUVsxCjOMb1u
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Nwiz.dll
- Size
  
  54KB
- MD5
  
  af5cfacd0e4f50aea5e1353131d31ee1
- SHA1
  
  2c25083e39c4604bcde7ebc1ea966d45646eead8
- SHA256
  
  60737caef33db58b24924eecaeb13e9d6c6cbc27408fd2c59cda67d326b1495e
- SHA512
  
  5c58ecb55ca6a82bfe6d5647058b4d2e852010029d4a356d7cbd4a4e7fa3f31ca3fb88a8e81c9566e9d9736e104e8d8375053ff89d90802cc145e27349155db9
- SSDEEP
  
  1536:99Yy15JFAVwHDDUpGPxXrE0aoG8GrjkRXaFyu:7Y8tDUpGsjkRXaFyu
Score

3^/10

discovery
behavioral7 behavioral8