General

  • Target

    VirusShare_bfed6debcd8c3dbf8ea21655247ed3f0

  • Size

    994KB

  • Sample

    230508-wdxewadf7s

  • MD5

    bfed6debcd8c3dbf8ea21655247ed3f0

  • SHA1

    2b05bc9c9a14e3f9db8e758b2f5fa060857499bf

  • SHA256

    33894a6f9df34bfdd9408bf6771ddc3ce32a315287b228a3bef4753e699fd1d3

  • SHA512

    73a033937bc55f24a9089e493b3c8c3c6c058a77905ca1c09b73288ac5932328668d588add546a51779e36da6408c1aeab52af290a6bfae15391ac2d8faf9a28

  • SSDEEP

    24576:+Vk0mL0+1snLNM6Z8gQbHDGq3ixHsWyiFhv/C:+VBvLO6KXGFZRyiFh3C

Targets

    • Target

      VirusShare_bfed6debcd8c3dbf8ea21655247ed3f0

    • Ouroboros/Zeropadypt

      Ransomware family based on open-source CryptoWire.

    • Modifies Windows Firewall

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Modify Existing Service (T1031): 1