Overview

overview

10

Static

static

46afbb7804...56.exe

windows7_x64

10

46afbb7804...56.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    46afbb780469fd2a5819a9d9ab9d30d2a0d463ff02e6638790624cf326e68b56

  • Size

    997KB

  • Sample

    220212-avqg1aeag2

  • MD5

    feb72e2081db664d7539b81060261a28

  • SHA1

    357c7a47208fb8feddb54d50b8600be7cb075f1f

  • SHA256

    46afbb780469fd2a5819a9d9ab9d30d2a0d463ff02e6638790624cf326e68b56

  • SHA512

    ac8cd678fd39259a150c2d4ac88143197553acd1e91d98dfee3eefd655818e176888433363dfc49189c7c10c76b888c56684a993a782ae9222adc4ef95e7107a

Score
10/10
ouroborosevasionransomware

Malware Config

Targets

    • Target

      46afbb780469fd2a5819a9d9ab9d30d2a0d463ff02e6638790624cf326e68b56

    • Size

      997KB

    • MD5

      feb72e2081db664d7539b81060261a28

    • SHA1

      357c7a47208fb8feddb54d50b8600be7cb075f1f

    • SHA256

      46afbb780469fd2a5819a9d9ab9d30d2a0d463ff02e6638790624cf326e68b56

    • SHA512

      ac8cd678fd39259a150c2d4ac88143197553acd1e91d98dfee3eefd655818e176888433363dfc49189c7c10c76b888c56684a993a782ae9222adc4ef95e7107a

    Score
    10/10
    ouroborosevasionransomware

    • Ouroboros/Zeropadypt

      Ransomware family based on open-source CryptoWire.

      ransomwareouroboros

    • Modifies Windows Firewall

      evasion

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks