ouroboros | bf51b9a34c195241c646a4088607e1db7079e56fe733a206ae34c70ecfd8ca1f | Triage

Submit
Reports

Overview

overview

Static

static

bf51b9a34c...1f.exe

windows10_x64

Sharing

General

Target

bf51b9a34c195241c646a4088607e1db7079e56fe733a206ae34c70ecfd8ca1f
Size

987KB
Sample

211223-s7y9saahgk
MD5

15f32a4ee7b75aefa308866b4bd79539
SHA1

e106a83bf1a5bf23fde2ee2669a580ccd7104f8b
SHA256

bf51b9a34c195241c646a4088607e1db7079e56fe733a206ae34c70ecfd8ca1f
SHA512

3b5f7bbe45b382f0ef15376a92597bca15a6f4b9d3ccba097b588ad6568f1aecd7cf58431045b34359860da8ac17b64deb678597010b423150c63f656d7ff199

Score

10^/10

ouroboros evasion ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

bf51b9a34c195241c646a4088607e1db7079e56fe733a206ae34c70ecfd8ca1f.exe

Resource

win10-en-20211208

ouroboros evasion ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  bf51b9a34c195241c646a4088607e1db7079e56fe733a206ae34c70ecfd8ca1f
- Size
  
  987KB
- MD5
  
  15f32a4ee7b75aefa308866b4bd79539
- SHA1
  
  e106a83bf1a5bf23fde2ee2669a580ccd7104f8b
- SHA256
  
  bf51b9a34c195241c646a4088607e1db7079e56fe733a206ae34c70ecfd8ca1f
- SHA512
  
  3b5f7bbe45b382f0ef15376a92597bca15a6f4b9d3ccba097b588ad6568f1aecd7cf58431045b34359860da8ac17b64deb678597010b423150c63f656d7ff199
Score

10^/10

ouroboros evasion ransomware spyware stealer
- Ouroboros/Zeropadypt
  Ransomware family based on open-source CryptoWire.
  ransomware ouroboros
- Modifies Windows Firewall
  evasion
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ouroborosevasionransomwarespywarestealer

© 2018-2024

Terms | Privacy