ouroboros | 05e429f9f9f76709b2b6efe6509e2a82e36e635f5dcfdb8ae9b49e2301751eb9 | Triage

Submit
Reports

Overview

overview

Static

static

05e429f9f9...b9.exe

windows7_x64

05e429f9f9...b9.exe

windows10-2004_x64

Sharing

General

Target

05e429f9f9f76709b2b6efe6509e2a82e36e635f5dcfdb8ae9b49e2301751eb9
Size

1.3MB
Sample

220305-2ad21sbbdl
MD5

815f827cbedec5631f73178fd1ac9aa8
SHA1

faea120b3544f66dd88e237b2422897d50612ba3
SHA256

05e429f9f9f76709b2b6efe6509e2a82e36e635f5dcfdb8ae9b49e2301751eb9
SHA512

9ffaf31f9a9cad70af30ffe9fbddff6598632da78cab14e4c83ae6e2a69ef7be219a7fc56fc34980ae4f8682cac021b9c48d197927895e584eb124731db0103e

Score

10^/10

ouroboros evasion ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

05e429f9f9f76709b2b6efe6509e2a82e36e635f5dcfdb8ae9b49e2301751eb9.exe

Resource

win7-en-20211208

ouroboros evasion ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

05e429f9f9f76709b2b6efe6509e2a82e36e635f5dcfdb8ae9b49e2301751eb9.exe

Resource

win10v2004-en-20220113

ouroboros evasion ransomware spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  05e429f9f9f76709b2b6efe6509e2a82e36e635f5dcfdb8ae9b49e2301751eb9
- Size
  
  1.3MB
- MD5
  
  815f827cbedec5631f73178fd1ac9aa8
- SHA1
  
  faea120b3544f66dd88e237b2422897d50612ba3
- SHA256
  
  05e429f9f9f76709b2b6efe6509e2a82e36e635f5dcfdb8ae9b49e2301751eb9
- SHA512
  
  9ffaf31f9a9cad70af30ffe9fbddff6598632da78cab14e4c83ae6e2a69ef7be219a7fc56fc34980ae4f8682cac021b9c48d197927895e584eb124731db0103e
Score

10^/10

ouroboros evasion ransomware spyware stealer
- Ouroboros/Zeropadypt
  Ransomware family based on open-source CryptoWire.
  ransomware ouroboros
- Modifies Windows Firewall
  evasion
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

ouroborosevasionransomware

behavioral2

ouroborosevasionransomwarespywarestealer

© 2018-2024

Terms | Privacy