General

  • Target

    33894a6f9df34bfdd9408bf6771ddc3ce32a315287b228a3bef4753e699fd1d3

  • Size

    994KB

  • Sample

    210909-n47pjabcdq

  • MD5

    bfed6debcd8c3dbf8ea21655247ed3f0

  • SHA1

    2b05bc9c9a14e3f9db8e758b2f5fa060857499bf

  • SHA256

    33894a6f9df34bfdd9408bf6771ddc3ce32a315287b228a3bef4753e699fd1d3

  • SHA512

    73a033937bc55f24a9089e493b3c8c3c6c058a77905ca1c09b73288ac5932328668d588add546a51779e36da6408c1aeab52af290a6bfae15391ac2d8faf9a28

Malware Config

Targets

    • Target

      33894a6f9df34bfdd9408bf6771ddc3ce32a315287b228a3bef4753e699fd1d3

    • Size

      994KB

    • MD5

      bfed6debcd8c3dbf8ea21655247ed3f0

    • SHA1

      2b05bc9c9a14e3f9db8e758b2f5fa060857499bf

    • SHA256

      33894a6f9df34bfdd9408bf6771ddc3ce32a315287b228a3bef4753e699fd1d3

    • SHA512

      73a033937bc55f24a9089e493b3c8c3c6c058a77905ca1c09b73288ac5932328668d588add546a51779e36da6408c1aeab52af290a6bfae15391ac2d8faf9a28

    • Ouroboros/Zeropadypt

      Ransomware family based on open-source CryptoWire.

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Drops file in Drivers directory

    • Modifies Windows Firewall

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks