General

  • Target

    osno-crypted.bin.zip

  • Size

    1.2MB

  • Sample

    201009-r1rjpnndpj

  • MD5

    82c3cdc4e38823d44da2c981bd7b5bfa

  • SHA1

    c8b01a1b7ad43b09f30b2c5c5d7aa5ecd8a101c6

  • SHA256

    b8d6705ee853b6f830e6487419e13f4a1d95537dbb360534b744b2fca738726e

  • SHA512

    ee36b90e9d4a73917f0de1ff2fee390c0f5597b20c5b13c4df87f31a241e23d5031964c92192790b7cf62cee9068077361d2f603217b62d64a8cd1fc79246f7f

Score
8/10

Malware Config

Targets

    • Target

      osno-crypted.bin

    • Size

      1.2MB

    • MD5

      62327bef9782540580f59f3f691cd692

    • SHA1

      363467bf1abb5dc8da3121114dfccc257bd98934

    • SHA256

      c6bef6be20451c071f55d66125e560f3b3bc8f58f92719f96b541ca3076ae247

    • SHA512

      14e7a64b920a2c33b41ab91bc38f3358636d35dd8702339ac119ff6e6b91cb2f5c8159d8346426ae2d6d37fe36a43cfadcb2e81a099821d38389390682740701

    Score
    8/10

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks