ouroboros | 7550228f681474a038e957f86b84f182df3a1748aacf6cc7d60638f8b2784319 | Triage

Submit
Reports

Overview

overview

Static

static

ransomware

windows7_x64

Sharing

General

Target

7550228f681474a038e957f86b84f182df3a1748aacf6cc7d60638f8b2784319.exe
Size

997KB
Sample

200503-99vyqeh3ke
MD5

5425c30ebba4f84d1874a2c783932646
SHA1

80db4a06b57e61695389c354f155c26bb125bd71
SHA256

7550228f681474a038e957f86b84f182df3a1748aacf6cc7d60638f8b2784319
SHA512

457b1539296379bd93adfbc8c3a172405f9c341d9d8aa1c6a8c1dbb0ff52ae564911b1a1218ec5613a5e9e2bcca0c00001d118fb36868391ee93f8155b304f1f

Score

10^/10

ouroboros evasion persistence ransomware spyware

Static task

static1

Behavioral task

behavioral1

Sample

7550228f681474a038e957f86b84f182df3a1748aacf6cc7d60638f8b2784319.exe

Resource

win7v200430

ransomware ouroboros spyware evasion persistence

windows7_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  7550228f681474a038e957f86b84f182df3a1748aacf6cc7d60638f8b2784319.exe
- Size
  
  997KB
- MD5
  
  5425c30ebba4f84d1874a2c783932646
- SHA1
  
  80db4a06b57e61695389c354f155c26bb125bd71
- SHA256
  
  7550228f681474a038e957f86b84f182df3a1748aacf6cc7d60638f8b2784319
- SHA512
  
  457b1539296379bd93adfbc8c3a172405f9c341d9d8aa1c6a8c1dbb0ff52ae564911b1a1218ec5613a5e9e2bcca0c00001d118fb36868391ee93f8155b304f1f
Score

10^/10

ransomware ouroboros spyware evasion persistence
- Ouroboros/Zeropadypt
  Ransomware family based on open-source CryptoWire.
  ransomware ouroboros
- Drops file in Drivers directory
- Modifies Windows Firewall
  evasion
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Modifies service
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ransomwareouroborosspywareevasionpersistence

© 2018-2024

Terms | Privacy