General

  • Target

    39d27dfe389db6efd0539f07a74207f90c797580574db07b9606af68a2553913

  • Size

    986KB

  • Sample

    200917-denh91ztp2

  • MD5

    f792655e03042e9ca4cb8c89e4103c8a

  • SHA1

    4ae946b8712114fca1bbf6dd392eb26a8c874586

  • SHA256

    39d27dfe389db6efd0539f07a74207f90c797580574db07b9606af68a2553913

  • SHA512

    92ab9d00decc68126274425ae261441bd62eebd036c6c60a7c6cd860f0a8b1e6786c80042763f8dabb2db831152f322be58a067a6b8f21f95f953ffa8ec010b5

Malware Config

Targets

    • Target

      39d27dfe389db6efd0539f07a74207f90c797580574db07b9606af68a2553913

    • Size

      986KB

    • MD5

      f792655e03042e9ca4cb8c89e4103c8a

    • SHA1

      4ae946b8712114fca1bbf6dd392eb26a8c874586

    • SHA256

      39d27dfe389db6efd0539f07a74207f90c797580574db07b9606af68a2553913

    • SHA512

      92ab9d00decc68126274425ae261441bd62eebd036c6c60a7c6cd860f0a8b1e6786c80042763f8dabb2db831152f322be58a067a6b8f21f95f953ffa8ec010b5

    • Ouroboros/Zeropadypt

      Ransomware family based on open-source CryptoWire.

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Modifies Windows Firewall

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

1
T1091

Persistence

Modify Existing Service

1
T1031

Credential Access

Credentials in Files

1
T1081

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Data from Local System

1
T1005

Tasks