Extracted

• • Target

    lighthouse_teslacrypt_ransomware.mp4

  • Size

    3.1MB

  • MD5

    577c4a77455c945bf638349a16aa9b47

  • SHA1

    ff9139369ebf187e64c86348132dfb5f20bd4ac9

  • SHA256

    c7503cdbc638d4886e9b06942b9afc345f041663734963b49fb25e1577287c46

  • SHA512

    64a5510ca8c19915c9a88a524ca12731d2cb7b672d84f9db58c0aac7e39e1d89cf50981078dbcb905fd75f259124b9aee055e2d6fc95387023345c770313283c

  • SSDEEP

    49152:pHZUdEm4AOcOgifdrIstug5mBdNUQIAfe3o7DDeh+HAjADJEsgBUEG5o5OpaRWC3:pHZA74A9UfOCmHIRoDeCJDGVBvG5o5O0

  Score

  10^/10

  teslacryptdefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealer

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

    ransomwareteslacrypt

  • Teslacrypt family

    teslacrypt

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (423) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Deobfuscate/Decode Files or Information

    Payload decoded via CertUtil.

    defense_evasion

  • Drops desktop.ini file(s)

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  behavioral1behavioral2