ouroboros | 153a11e6dfe886a1950c874309f33cee72411bce30d283ece10b8f2d5870ca03 | Triage

Sharing

General

Target

153a11e6dfe886a1950c874309f33cee72411bce30d283ece10b8f2d5870ca03
Size

1.3MB
Sample

220212-aw6wdaffbr
MD5

7c81770eee7776811ccbf01584262ca7
SHA1

5632f27158227ec4b6b6910133cebe035dc20bcb
SHA256

153a11e6dfe886a1950c874309f33cee72411bce30d283ece10b8f2d5870ca03
SHA512

39c515bc26ff320d8bfd07311ac927c5b68bac0b1b29b5f83235502f811b969b45edb6980656ac704b1963f562662f799a5275ca8c2f289d9d508f11a6c30437

Score

10^/10

ouroboros evasion ransomware

Malware Config

Targets

- Target
  
  153a11e6dfe886a1950c874309f33cee72411bce30d283ece10b8f2d5870ca03
- Size
  
  1.3MB
- MD5
  
  7c81770eee7776811ccbf01584262ca7
- SHA1
  
  5632f27158227ec4b6b6910133cebe035dc20bcb
- SHA256
  
  153a11e6dfe886a1950c874309f33cee72411bce30d283ece10b8f2d5870ca03
- SHA512
  
  39c515bc26ff320d8bfd07311ac927c5b68bac0b1b29b5f83235502f811b969b45edb6980656ac704b1963f562662f799a5275ca8c2f289d9d508f11a6c30437
Score

10^/10

ouroboros evasion ransomware
- Ouroboros/Zeropadypt
  Ransomware family based on open-source CryptoWire.
  ransomware ouroboros
- Modifies Windows Firewall
  evasion
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

ouroborosevasionransomware

behavioral2

ouroborosevasionransomware