General

  • Target

    8df97f59144a4f3d55572156abd94b750a1a6ebbb5d1a08c001b5e1f4a1ce351

  • Size

    1.7MB

  • Sample

    200917-1eb3nkgwvx

  • MD5

    3f4181968baaf480a628d522c14cee75

  • SHA1

    0cfbe9d8a205fa528c00c96253ff309ab666ee90

  • SHA256

    8df97f59144a4f3d55572156abd94b750a1a6ebbb5d1a08c001b5e1f4a1ce351

  • SHA512

    319332107b9da31aaa752dc75d5291c80668c204be2b6f0a3d31d4a48428bdccd5dcc7787678eb003fbb3d61af5245ea0d8c87b343cbaf77877e5f0c49e69db4

Malware Config

Targets

    • Target

      8df97f59144a4f3d55572156abd94b750a1a6ebbb5d1a08c001b5e1f4a1ce351

    • Size

      1.7MB

    • MD5

      3f4181968baaf480a628d522c14cee75

    • SHA1

      0cfbe9d8a205fa528c00c96253ff309ab666ee90

    • SHA256

      8df97f59144a4f3d55572156abd94b750a1a6ebbb5d1a08c001b5e1f4a1ce351

    • SHA512

      319332107b9da31aaa752dc75d5291c80668c204be2b6f0a3d31d4a48428bdccd5dcc7787678eb003fbb3d61af5245ea0d8c87b343cbaf77877e5f0c49e69db4

    • Ouroboros/Zeropadypt

      Ransomware family based on open-source CryptoWire.

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Suspicious Office macro

      Office document equipped with macros.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks