95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e

Target

Size

986KB

Sample

200211-yh5d2v3rpa

Score

10 ^/10

MD5

934984b11e6690c10e7ad5bf1f0cf274

SHA1

5c826f0bca1460508b0a3db4b0e5f9fbd7c2104f

SHA256

95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e

SHA512

4cc96789b2c6a40b94d7dc5d3ed11876dc643172211114ee588bfc0988f00cc3508d0d1e5d39a08e29b003f12429ba46fa07ac58402d6838b7263a640b20f13e

Target

95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e

MD5

934984b11e6690c10e7ad5bf1f0cf274

Filesize

986KB

Score

10 ^/10

SHA1

5c826f0bca1460508b0a3db4b0e5f9fbd7c2104f

SHA256

95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e

SHA512

4cc96789b2c6a40b94d7dc5d3ed11876dc643172211114ee588bfc0988f00cc3508d0d1e5d39a08e29b003f12429ba46fa07ac58402d6838b7263a640b20f13e

Signatures

Ouroboros/Zeropadypt

Description

Ransomware family based on open-source CryptoWire

Tags

ransomware ouroboros
Drops file in Drivers directory
Modifies Windows Firewall

Tags

evasion

TTPs

Modify Existing Service
Drops startup file
Drops autorun.inf file

Tags

spreading trojan

TTPs

Replication Through Removable Media
Drops file in System32 directory
Modifies service

Tags

persistence

TTPs

Modify Registry Modify Existing Service

Related Tasks

behavioral1

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Replication Through Removable Media

Persistence

Modify Existing Service

Privilege Escalation

static1

behavioral1

evasion persistence ransomware ouroboros spreading trojan

10^/10

Tags

Signatures

Ouroboros/Zeropadypt

Description

Tags

Drops file in Drivers directory

Modifies Windows Firewall

Tags

TTPs

Drops startup file

Drops autorun.inf file

Tags

TTPs

Drops file in System32 directory

Modifies service

Tags

TTPs

Related Tasks

static1

behavioral1