Overview

overview

10

Static

static

e008d7bb63...b6.exe

windows7_x64

10

e008d7bb63...b6.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e008d7bb6343bc6424be5a2a4515a07c8a60d17bfb5a8653ab74822e585f03b6

  • Size

    1.3MB

  • Sample

    220305-yrhvraaggl

  • MD5

    310c70d59334868d4831f9f9cdb879ab

  • SHA1

    7b522bbde3dce99de92fcfb952d672a3923e00c1

  • SHA256

    e008d7bb6343bc6424be5a2a4515a07c8a60d17bfb5a8653ab74822e585f03b6

  • SHA512

    da1b987065a39c1b83dd1b245550292b6038d34c9113eb720381404d681717593321028fe00f5d835cc99fd0606d65fc3525c8ce218c19eb2e459a8d7603e993

Score
10/10
ouroborosevasionransomware

Malware Config

Targets

    • Target

      e008d7bb6343bc6424be5a2a4515a07c8a60d17bfb5a8653ab74822e585f03b6

    • Size

      1.3MB

    • MD5

      310c70d59334868d4831f9f9cdb879ab

    • SHA1

      7b522bbde3dce99de92fcfb952d672a3923e00c1

    • SHA256

      e008d7bb6343bc6424be5a2a4515a07c8a60d17bfb5a8653ab74822e585f03b6

    • SHA512

      da1b987065a39c1b83dd1b245550292b6038d34c9113eb720381404d681717593321028fe00f5d835cc99fd0606d65fc3525c8ce218c19eb2e459a8d7603e993

    Score
    10/10
    ouroborosevasionransomware

    • Ouroboros/Zeropadypt

      Ransomware family based on open-source CryptoWire.

      ransomwareouroboros

    • Modifies Windows Firewall

      evasion

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks