ouroboros | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e | Triage

Resubmissions

11-02-2020 15:08

200211-yh5d2v3rpa 10

11-02-2020 13:53

200211-smh4fqemta 10

Sharing

General

Target

95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e
Size

986KB
Sample

200211-yh5d2v3rpa
MD5

934984b11e6690c10e7ad5bf1f0cf274
SHA1

5c826f0bca1460508b0a3db4b0e5f9fbd7c2104f
SHA256

95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e
SHA512

4cc96789b2c6a40b94d7dc5d3ed11876dc643172211114ee588bfc0988f00cc3508d0d1e5d39a08e29b003f12429ba46fa07ac58402d6838b7263a640b20f13e

Score

10^/10

ouroboros evasion persistence ransomware spreading trojan

Malware Config

Targets

- Target
  
  95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e
- Size
  
  986KB
- MD5
  
  934984b11e6690c10e7ad5bf1f0cf274
- SHA1
  
  5c826f0bca1460508b0a3db4b0e5f9fbd7c2104f
- SHA256
  
  95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e
- SHA512
  
  4cc96789b2c6a40b94d7dc5d3ed11876dc643172211114ee588bfc0988f00cc3508d0d1e5d39a08e29b003f12429ba46fa07ac58402d6838b7263a640b20f13e
Score

10^/10

evasion persistence ransomware ouroboros spreading trojan
- Ouroboros/Zeropadypt
  Ransomware family based on open-source CryptoWire
  ransomware ouroboros
- Drops file in Drivers directory
- Modifies Windows Firewall
  evasion
- Drops startup file
- Drops autorun.inf file
  spreading trojan
- Drops file in System32 directory
- Modifies service
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceransomwareouroborosspreadingtrojan