General
-
Target
95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e
-
Size
986KB
-
Sample
200211-smh4fqemta
-
MD5
934984b11e6690c10e7ad5bf1f0cf274
-
SHA1
5c826f0bca1460508b0a3db4b0e5f9fbd7c2104f
-
SHA256
95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e
-
SHA512
4cc96789b2c6a40b94d7dc5d3ed11876dc643172211114ee588bfc0988f00cc3508d0d1e5d39a08e29b003f12429ba46fa07ac58402d6838b7263a640b20f13e
Static task
static1
Behavioral task
behavioral1
Sample
95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe
Resource
win7v191014
Behavioral task
behavioral2
Sample
95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe
Resource
win10v191014
Malware Config
Targets
Target
95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e
Score
10/10
-
Modifies Windows Firewall
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory