ouroboros | d20add24db21888a00129eca3e0313d86faebfed31aab4f273e8e714ed1bfbbd | Triage

Submit
Reports

Overview

overview

Static

static

d20add24db...bd.exe

windows7_x64

d20add24db...bd.exe

windows10-2004_x64

Sharing

General

Target

d20add24db21888a00129eca3e0313d86faebfed31aab4f273e8e714ed1bfbbd
Size

994KB
Sample

220212-apehjsfedk
MD5

1a01257e979825ddd98a39b8f2f9994a
SHA1

d77114c5e32c3cc5904eea994ad23976c01d4c5c
SHA256

d20add24db21888a00129eca3e0313d86faebfed31aab4f273e8e714ed1bfbbd
SHA512

7bd5e7f0d3e9dac8cab9374fc3c8afcce5e92dcfd4ae91db6d40bdfa8f12ad969e3b7b0d39e4e717c85d4c2ea6ca421e01a93055f77bcd84b94c6dfabaff43c2

Score

10^/10

ouroboros evasion ransomware

Static task

static1

Behavioral task

behavioral1

Sample

d20add24db21888a00129eca3e0313d86faebfed31aab4f273e8e714ed1bfbbd.exe

Resource

win7-en-20211208

ouroboros evasion ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d20add24db21888a00129eca3e0313d86faebfed31aab4f273e8e714ed1bfbbd.exe

Resource

win10v2004-en-20220112

ouroboros evasion ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  d20add24db21888a00129eca3e0313d86faebfed31aab4f273e8e714ed1bfbbd
- Size
  
  994KB
- MD5
  
  1a01257e979825ddd98a39b8f2f9994a
- SHA1
  
  d77114c5e32c3cc5904eea994ad23976c01d4c5c
- SHA256
  
  d20add24db21888a00129eca3e0313d86faebfed31aab4f273e8e714ed1bfbbd
- SHA512
  
  7bd5e7f0d3e9dac8cab9374fc3c8afcce5e92dcfd4ae91db6d40bdfa8f12ad969e3b7b0d39e4e717c85d4c2ea6ca421e01a93055f77bcd84b94c6dfabaff43c2
Score

10^/10

ouroboros evasion ransomware
- Ouroboros/Zeropadypt
  Ransomware family based on open-source CryptoWire.
  ransomware ouroboros
- Modifies Windows Firewall
  evasion
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ouroborosevasionransomware

behavioral2

ouroborosevasionransomware

© 2018-2024

Terms | Privacy