Study of the Cring analysis

Posted date 15/04/2021

This study contains a detailed technical report prepared after analysing a sample of malicious code identified as Cring. Its main purpose is to identify the actions the sample carries out, through an advanced analysis performed with the set of tools used by the team of analysts.

This study deals with the Cring malicious code, also known as Crypt3r, a simple type of malware that is able to partially encrypt a computer and destroy any backup copies stored on it. This makes it, at the very least, of interest for developing ransomware-type cyberattacks aimed especially at the world of business, since it focuses on databases and office IT files.

This analysis also provides an IOC rule and a YARA rule to help detect samples belonging to the Cring family.

The technical report includes:

  • General information.
  • Summary of actions.
  • Detailed analysis.
  • Anti-detection and anti-reverse engineering techniques.
  • Persistence.