ouroboros | 3b7c7a6b8bcde4a4f5ee586fea46d1bb77da42caf2d5d0d48767615e2ddef451 | Triage

Submit
Reports

Overview

overview

Static

static

3b7c7a6b8b...51.exe

windows7_x64

3b7c7a6b8b...51.exe

windows10-2004_x64

Sharing

General

Target

3b7c7a6b8bcde4a4f5ee586fea46d1bb77da42caf2d5d0d48767615e2ddef451
Size

1.3MB
Sample

220306-a785wahfg3
MD5

fd051c28d517d4a4cfaf09fe5c0f6b3e
SHA1

e960aee473dc56902276e1d91392fb04597f58df
SHA256

3b7c7a6b8bcde4a4f5ee586fea46d1bb77da42caf2d5d0d48767615e2ddef451
SHA512

06c0edd9e6cd88f71b4c5547b961b66b5b22ca78f45489f6f9f0c9a3caba1228f09ff7a58222fe14fc78ddf58f1a6ef4fa5a2cbf63cb9ec8c103073844b66397

Score

10^/10

ouroboros evasion ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

3b7c7a6b8bcde4a4f5ee586fea46d1bb77da42caf2d5d0d48767615e2ddef451.exe

Resource

win7-20220223-en

ouroboros evasion ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3b7c7a6b8bcde4a4f5ee586fea46d1bb77da42caf2d5d0d48767615e2ddef451.exe

Resource

win10v2004-en-20220112

ouroboros evasion ransomware spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3b7c7a6b8bcde4a4f5ee586fea46d1bb77da42caf2d5d0d48767615e2ddef451
- Size
  
  1.3MB
- MD5
  
  fd051c28d517d4a4cfaf09fe5c0f6b3e
- SHA1
  
  e960aee473dc56902276e1d91392fb04597f58df
- SHA256
  
  3b7c7a6b8bcde4a4f5ee586fea46d1bb77da42caf2d5d0d48767615e2ddef451
- SHA512
  
  06c0edd9e6cd88f71b4c5547b961b66b5b22ca78f45489f6f9f0c9a3caba1228f09ff7a58222fe14fc78ddf58f1a6ef4fa5a2cbf63cb9ec8c103073844b66397
Score

10^/10

ouroboros evasion ransomware spyware stealer
- Ouroboros/Zeropadypt
  Ransomware family based on open-source CryptoWire.
  ransomware ouroboros
- Drops file in Drivers directory
- Modifies Windows Firewall
  evasion
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

ouroborosevasionransomwarespywarestealer

behavioral2

ouroborosevasionransomwarespywarestealer

© 2018-2024

Terms | Privacy