Overview

overview

10

Static

static

26690dae11...ed.exe

windows7_x64

26690dae11...ed.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    26690dae115f47a1e0167750209a30cc68f51c5090e3b908105c93967e5156fa_unpacked

  • Size

    997KB

  • Sample

    210902-xeetlrgfde

  • MD5

    ba454585b9f42c7254c931c192556e08

  • SHA1

    0b530303634283a43d53abd9190106869f57ba5a

  • SHA256

    26690dae115f47a1e0167750209a30cc68f51c5090e3b908105c93967e5156fa

  • SHA512

    2cb918eab6776c7cfea031cbb48cc4e33e068489a37f39ba1e246f32fef7a35c3511293b399c81b5b8056bca50d725554866584460f04efe0d65c1d1c625bc4b

Score
10/10
ouroborosevasionransomware

Malware Config

Targets

    • Target

      26690dae115f47a1e0167750209a30cc68f51c5090e3b908105c93967e5156fa_unpacked

    • Size

      997KB

    • MD5

      ba454585b9f42c7254c931c192556e08

    • SHA1

      0b530303634283a43d53abd9190106869f57ba5a

    • SHA256

      26690dae115f47a1e0167750209a30cc68f51c5090e3b908105c93967e5156fa

    • SHA512

      2cb918eab6776c7cfea031cbb48cc4e33e068489a37f39ba1e246f32fef7a35c3511293b399c81b5b8056bca50d725554866584460f04efe0d65c1d1c625bc4b

    Score
    10/10
    ouroborosevasionransomware

    • Ouroboros/Zeropadypt

      Ransomware family based on open-source CryptoWire.

      ransomwareouroboros

    • Modifies Windows Firewall

      evasion

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.