General

  • Target

    26690dae115f47a1e0167750209a30cc68f51c5090e3b908105c93967e5156fa_unpacked

  • Size

    997KB

  • Sample

    210902-d4lc7vfawx

  • MD5

    ba454585b9f42c7254c931c192556e08

  • SHA1

    0b530303634283a43d53abd9190106869f57ba5a

  • SHA256

    26690dae115f47a1e0167750209a30cc68f51c5090e3b908105c93967e5156fa

  • SHA512

    2cb918eab6776c7cfea031cbb48cc4e33e068489a37f39ba1e246f32fef7a35c3511293b399c81b5b8056bca50d725554866584460f04efe0d65c1d1c625bc4b

Malware Config

Targets

    • Target

      26690dae115f47a1e0167750209a30cc68f51c5090e3b908105c93967e5156fa_unpacked

    • Size

      997KB

    • MD5

      ba454585b9f42c7254c931c192556e08

    • SHA1

      0b530303634283a43d53abd9190106869f57ba5a

    • SHA256

      26690dae115f47a1e0167750209a30cc68f51c5090e3b908105c93967e5156fa

    • SHA512

      2cb918eab6776c7cfea031cbb48cc4e33e068489a37f39ba1e246f32fef7a35c3511293b399c81b5b8056bca50d725554866584460f04efe0d65c1d1c625bc4b

    • Ouroboros/Zeropadypt

      Ransomware family based on open-source CryptoWire.

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Modifies Windows Firewall

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks