cryptolocker | b936f92556265514643d243e3d354ab28c11c86990fc2321f573bd90a39fffaf | Triage

Sharing

General

Target

d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9.7z
Size

276KB
Sample

241208-m1wmes1pct
MD5

6b6d3e0ba4a75f5e143e502b09747f6a
SHA1

98446966f43f58478c080fb2218766bd1209ebf7
SHA256

b936f92556265514643d243e3d354ab28c11c86990fc2321f573bd90a39fffaf
SHA512

e20a72893955951b85501b997479fa843efaf37f08aa4185fec0a55b5fc6d395289450dd990ac8f02b95038dc517f9bc643ed4897b0443117ff792820fded9eb
SSDEEP

6144:pmAZKMJoPrKcIj0M5/Vfy+pw5nG8uDR74AHgiFr5tB7j+uw59QAauaVf03:YA84omcoB6G8+74AzFrnB+nDVW03

Score

10^/10

cryptolocker discovery persistence ransomware

Malware Config

Targets

- Target
  
  d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9.exe
- Size
  
  338KB
- MD5
  
  04fb36199787f2e3e2135611a38321eb
- SHA1
  
  65559245709fe98052eb284577f1fd61c01ad20d
- SHA256
  
  d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9
- SHA512
  
  533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444
- SSDEEP
  
  6144:sWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvC:sWkEuCaNT85I2vCMX5l+ZRv
Score

10^/10

cryptolocker discovery persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Cryptolocker family
  cryptolocker
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptolockerdiscoverypersistenceransomware

behavioral2

cryptolockerdiscoverypersistenceransomware