cryptolocker

General

Target

Screenshot 2025-01-10 185717.png
Size

5KB
Sample

250113-2d3jsa1rdk
MD5

e67033504810204d124433a8c958b9a8
SHA1

eeabb0c754e277b1fc0e4c3a7324dcbcd88b255f
SHA256

4ea8a10216467c41d47aa6008f31d650c74918a3c7de8dd8b5a57de66aca4cba
SHA512

260869b12895115484279765eae89c205426accbb75efa1c63063ae9458de4a94f1579ffc6990ef9e67d74f5a3c7479d20994620fdba2c12b3c5446245048353
SSDEEP

96:Qm3jh54FmrQZYnWFLANVbwxEZEHJhGwllZvf8cGG+RYRRm39qoLwi8vY6:5Th+FJFYVbsEZiSwlrvf8nbRYc0jiWN

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\!Please Read Me!.txt

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1 Next, please find the decrypt software on your desktop, an executable file named "!WannaDecryptor!.exe". If it does not exsit, download the software from the address below. (You may need to disable your antivirus for a while.) rar password: wcry123 Run and follow the instructions! �

Wallets

15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1

Targets

- Target
  
  Screenshot 2025-01-10 185717.png
- Size
  
  5KB
- MD5
  
  e67033504810204d124433a8c958b9a8
- SHA1
  
  eeabb0c754e277b1fc0e4c3a7324dcbcd88b255f
- SHA256
  
  4ea8a10216467c41d47aa6008f31d650c74918a3c7de8dd8b5a57de66aca4cba
- SHA512
  
  260869b12895115484279765eae89c205426accbb75efa1c63063ae9458de4a94f1579ffc6990ef9e67d74f5a3c7479d20994620fdba2c12b3c5446245048353
- SSDEEP
  
  96:Qm3jh54FmrQZYnWFLANVbwxEZEHJhGwllZvf8cGG+RYRRm39qoLwi8vY6:5Th+FJFYVbsEZiSwlrvf8nbRYc0jiWN
Score

10^/10

cryptolocker wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Cryptolocker family
  cryptolocker
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Wannacry family
  wannacry
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Renames multiple (54) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
behavioral1