Overview

overview

10

Static

static

ransomware

windows7_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7550228f681474a038e957f86b84f182df3a1748aacf6cc7d60638f8b2784319.exe

  • Size

    997KB

  • Sample

    200503-99vyqeh3ke

  • MD5

    5425c30ebba4f84d1874a2c783932646

  • SHA1

    80db4a06b57e61695389c354f155c26bb125bd71

  • SHA256

    7550228f681474a038e957f86b84f182df3a1748aacf6cc7d60638f8b2784319

  • SHA512

    457b1539296379bd93adfbc8c3a172405f9c341d9d8aa1c6a8c1dbb0ff52ae564911b1a1218ec5613a5e9e2bcca0c00001d118fb36868391ee93f8155b304f1f

Score
10/10
ouroborosevasionpersistenceransomwarespyware

Malware Config

Targets

    • Target

      7550228f681474a038e957f86b84f182df3a1748aacf6cc7d60638f8b2784319.exe

    • Size

      997KB

    • MD5

      5425c30ebba4f84d1874a2c783932646

    • SHA1

      80db4a06b57e61695389c354f155c26bb125bd71

    • SHA256

      7550228f681474a038e957f86b84f182df3a1748aacf6cc7d60638f8b2784319

    • SHA512

      457b1539296379bd93adfbc8c3a172405f9c341d9d8aa1c6a8c1dbb0ff52ae564911b1a1218ec5613a5e9e2bcca0c00001d118fb36868391ee93f8155b304f1f

    Score
    10/10
    ransomwareouroborosspywareevasionpersistence

    • Ouroboros/Zeropadypt

      Ransomware family based on open-source CryptoWire.

      ransomwareouroboros

    • Drops file in Drivers directory

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    • Modifies service

      persistence
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks