General
-
Target
33894a6f9df34bfdd9408bf6771ddc3ce32a315287b228a3bef4753e699fd1d3
-
Size
994KB
-
Sample
210909-n47pjabcdq
-
MD5
bfed6debcd8c3dbf8ea21655247ed3f0
-
SHA1
2b05bc9c9a14e3f9db8e758b2f5fa060857499bf
-
SHA256
33894a6f9df34bfdd9408bf6771ddc3ce32a315287b228a3bef4753e699fd1d3
-
SHA512
73a033937bc55f24a9089e493b3c8c3c6c058a77905ca1c09b73288ac5932328668d588add546a51779e36da6408c1aeab52af290a6bfae15391ac2d8faf9a28
Malware Config
Targets
-
-
Target
33894a6f9df34bfdd9408bf6771ddc3ce32a315287b228a3bef4753e699fd1d3
-
Size
994KB
-
MD5
bfed6debcd8c3dbf8ea21655247ed3f0
-
SHA1
2b05bc9c9a14e3f9db8e758b2f5fa060857499bf
-
SHA256
33894a6f9df34bfdd9408bf6771ddc3ce32a315287b228a3bef4753e699fd1d3
-
SHA512
73a033937bc55f24a9089e493b3c8c3c6c058a77905ca1c09b73288ac5932328668d588add546a51779e36da6408c1aeab52af290a6bfae15391ac2d8faf9a28
Score10/10-
Ouroboros/Zeropadypt
Ransomware family based on open-source CryptoWire.
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Drops file in Drivers directory
-
Modifies Windows Firewall
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-