ouroboros | c6da46d2abe90035674272a826d1203dde07338e27e3ebefc6335cbedb389019

Resubmissions

25/06/2021, 19:07 UTC

210625-wj3es9fxde 10

24/06/2021, 06:02 UTC

210624-78vvv4fkks 10

Sharing

Copy URL

Twitter E-mail

General

Target

SvHost-3.exe
Size

1.3MB
Sample

210625-wj3es9fxde
MD5

6d0cefa5b7f1744aa5dbc041c50b1709
SHA1

023fe5cafe7f0b32bfaf1b3549785e4d36a13b63
SHA256

c6da46d2abe90035674272a826d1203dde07338e27e3ebefc6335cbedb389019
SHA512

fb3bef44b77d7d3b83c42f769236f2c7646f1642d07f3650199d6511a111b31cb917fdc9d776d0e4be5cffb374a162ce4cd09925463b94f9bf8be50501f66631

Score

10^/10

Malware Config

Targets

- Target
  
  SvHost-3.exe
- Size
  
  1.3MB
- MD5
  
  6d0cefa5b7f1744aa5dbc041c50b1709
- SHA1
  
  023fe5cafe7f0b32bfaf1b3549785e4d36a13b63
- SHA256
  
  c6da46d2abe90035674272a826d1203dde07338e27e3ebefc6335cbedb389019
- SHA512
  
  fb3bef44b77d7d3b83c42f769236f2c7646f1642d07f3650199d6511a111b31cb917fdc9d776d0e4be5cffb374a162ce4cd09925463b94f9bf8be50501f66631
Score

10^/10

ouroboros xmrig evasion miner ransomware spyware stealer
- Ouroboros/Zeropadypt
  Ransomware family based on open-source CryptoWire.
  ransomware ouroboros
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Ouroboros/Zeropadypt

xmrig

Drops file in Drivers directory

Executes dropped EXE

Modifies Windows Firewall

Drops startup file

Loads dropped DLL

Reads user/profile data of web browsers

Drops desktop.ini file(s)

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

We care about your privacy.