General
-
Target
05e429f9f9f76709b2b6efe6509e2a82e36e635f5dcfdb8ae9b49e2301751eb9
-
Size
1.3MB
-
Sample
220305-2ad21sbbdl
-
MD5
815f827cbedec5631f73178fd1ac9aa8
-
SHA1
faea120b3544f66dd88e237b2422897d50612ba3
-
SHA256
05e429f9f9f76709b2b6efe6509e2a82e36e635f5dcfdb8ae9b49e2301751eb9
-
SHA512
9ffaf31f9a9cad70af30ffe9fbddff6598632da78cab14e4c83ae6e2a69ef7be219a7fc56fc34980ae4f8682cac021b9c48d197927895e584eb124731db0103e
Malware Config
Targets
-
-
Target
05e429f9f9f76709b2b6efe6509e2a82e36e635f5dcfdb8ae9b49e2301751eb9
-
Size
1.3MB
-
MD5
815f827cbedec5631f73178fd1ac9aa8
-
SHA1
faea120b3544f66dd88e237b2422897d50612ba3
-
SHA256
05e429f9f9f76709b2b6efe6509e2a82e36e635f5dcfdb8ae9b49e2301751eb9
-
SHA512
9ffaf31f9a9cad70af30ffe9fbddff6598632da78cab14e4c83ae6e2a69ef7be219a7fc56fc34980ae4f8682cac021b9c48d197927895e584eb124731db0103e
Score10/10-
Ouroboros/Zeropadypt
Ransomware family based on open-source CryptoWire.
-
Modifies Windows Firewall
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-