ouroboros | d5e37ee4ac4a5d9b798a2d1e80177e67dcf1ea31f21674ed8a1e20851d52f382 | Triage

Submit
Reports

Overview

overview

task1

task2

Resubmissions

06-02-2020 11:15

200206-yr9smta93e 8

06-02-2020 11:02

200206-3dy8j7a4kj 10

Sharing

General

Target

d5e37ee4ac4a5d9b798a2d1e80177e67dcf1ea31f21674ed8a1e20851d52f382
Size

376KB
Sample

200206-3dy8j7a4kj
MD5

a521f2c76e2212feb810e6bc1d35995a
SHA1

e0bc61d4e38c30f86d7236b431db50e411e60c06
SHA256

d5e37ee4ac4a5d9b798a2d1e80177e67dcf1ea31f21674ed8a1e20851d52f382
SHA512

868ebdcb41453316f6dc6fa1344479df7b0f5807bebe4d17721d77ebacb8a7dc31f0e11f2cb9fcacd869fb2326b561ece3a5ad0999ba824e14255040f4ae8280

Score

10^/10

ouroboros xmrig evasion miner ransomware

Task

task1

Sample

d5e37ee4ac4a5d9b798a2d1e80177e67dcf1ea31f21674ed8a1e20851d52f382.exe

Resource

win7v191014

ouroboros xmrig evasion miner ransomware

0 signatures

Task

task2

Sample

d5e37ee4ac4a5d9b798a2d1e80177e67dcf1ea31f21674ed8a1e20851d52f382.exe

Resource

win10v191014

ouroboros evasion ransomware

0 signatures

Malware Config

Targets

- Target
  
  d5e37ee4ac4a5d9b798a2d1e80177e67dcf1ea31f21674ed8a1e20851d52f382
- Size
  
  376KB
- MD5
  
  a521f2c76e2212feb810e6bc1d35995a
- SHA1
  
  e0bc61d4e38c30f86d7236b431db50e411e60c06
- SHA256
  
  d5e37ee4ac4a5d9b798a2d1e80177e67dcf1ea31f21674ed8a1e20851d52f382
- SHA512
  
  868ebdcb41453316f6dc6fa1344479df7b0f5807bebe4d17721d77ebacb8a7dc31f0e11f2cb9fcacd869fb2326b561ece3a5ad0999ba824e14255040f4ae8280
Score

10^/10

ouroboros xmrig evasion miner ransomware
- Ouroboros/Zeropadypt
  Ransomware family based on open-source CryptoWire.
  ransomware ouroboros
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Modifies Windows Firewall
  evasion
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
task1 task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

task1

ouroborosxmrigevasionminerransomware

task2

ouroborosevasionransomware

© 2018-2024

Terms | Privacy