Overview

overview

10

Static

static

8

SvHost-3.exe

windows7_x64

10

SvHost-3.exe

windows10_x64

10

Resubmissions

25-06-2021 19:07

210625-wj3es9fxde 10

24-06-2021 06:02

210624-78vvv4fkks 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SvHost-3.exe

  • Size

    1.3MB

  • Sample

    210625-wj3es9fxde

  • MD5

    6d0cefa5b7f1744aa5dbc041c50b1709

  • SHA1

    023fe5cafe7f0b32bfaf1b3549785e4d36a13b63

  • SHA256

    c6da46d2abe90035674272a826d1203dde07338e27e3ebefc6335cbedb389019

  • SHA512

    fb3bef44b77d7d3b83c42f769236f2c7646f1642d07f3650199d6511a111b31cb917fdc9d776d0e4be5cffb374a162ce4cd09925463b94f9bf8be50501f66631

Score
10/10
ouroborosxmrigevasionminerransomwarespywarestealerupx

Malware Config

Targets

    • Target

      SvHost-3.exe

    • Size

      1.3MB

    • MD5

      6d0cefa5b7f1744aa5dbc041c50b1709

    • SHA1

      023fe5cafe7f0b32bfaf1b3549785e4d36a13b63

    • SHA256

      c6da46d2abe90035674272a826d1203dde07338e27e3ebefc6335cbedb389019

    • SHA512

      fb3bef44b77d7d3b83c42f769236f2c7646f1642d07f3650199d6511a111b31cb917fdc9d776d0e4be5cffb374a162ce4cd09925463b94f9bf8be50501f66631

    Score
    10/10
    ouroborosxmrigevasionminerransomwarespywarestealer

    • Ouroboros/Zeropadypt

      Ransomware family based on open-source CryptoWire.

      ransomwareouroboros

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks