Overview

overview

10

Static

static

bb51eef3e4...ee.exe

windows7_x64

10

bb51eef3e4...ee.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bb51eef3e46dc4ebf041dd7ac6e717d36eea57ca3acc88efad65fa3cb06081ee

  • Size

    994KB

  • Sample

    220212-ap29lsfedq

  • MD5

    043051032c01d2d5e7dc0a180eab52f0

  • SHA1

    6a708fc95a1b0d0f60b5674b652e27b52db2fbbd

  • SHA256

    bb51eef3e46dc4ebf041dd7ac6e717d36eea57ca3acc88efad65fa3cb06081ee

  • SHA512

    754d42a6600cfd11999b7e7a2cd771c62e42d8cd581a621cae764c245cc68af1b56c554704ea81cb0b17059bf94bf0a17798e14f26732840cb74a74a390b2537

Score
10/10
ouroborosevasionransomware

Malware Config

Targets

    • Target

      bb51eef3e46dc4ebf041dd7ac6e717d36eea57ca3acc88efad65fa3cb06081ee

    • Size

      994KB

    • MD5

      043051032c01d2d5e7dc0a180eab52f0

    • SHA1

      6a708fc95a1b0d0f60b5674b652e27b52db2fbbd

    • SHA256

      bb51eef3e46dc4ebf041dd7ac6e717d36eea57ca3acc88efad65fa3cb06081ee

    • SHA512

      754d42a6600cfd11999b7e7a2cd771c62e42d8cd581a621cae764c245cc68af1b56c554704ea81cb0b17059bf94bf0a17798e14f26732840cb74a74a390b2537

    Score
    10/10
    ouroborosevasionransomware

    • Ouroboros/Zeropadypt

      Ransomware family based on open-source CryptoWire.

      ransomwareouroboros

    • Modifies Windows Firewall

      evasion

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks