ouroboros | 5a8d70b92e868f4f0ffb76f242dbf83a8816f704f523202a924a913f10a247fd | Triage

Submit
Reports

Overview

overview

Static

static

5a8d70b92e...fd.exe

windows7_x64

5a8d70b92e...fd.exe

windows10-2004_x64

Sharing

General

Target

5a8d70b92e868f4f0ffb76f242dbf83a8816f704f523202a924a913f10a247fd
Size

1.3MB
Sample

220306-e91czabgbn
MD5

516b7b7da67d36d1311350f751801e0b
SHA1

40964f706ff4ac8a8556ba8fde00c13684347057
SHA256

5a8d70b92e868f4f0ffb76f242dbf83a8816f704f523202a924a913f10a247fd
SHA512

cc61eb27f69cfd97cf23d87ad46df8c0042caceca2c14010c2d6e84ba9560a9b83a07c28bb404f8c32eae9b1092012412f9a7377620854ee35e1276fa2a1460a

Score

10^/10

ouroboros evasion ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

5a8d70b92e868f4f0ffb76f242dbf83a8816f704f523202a924a913f10a247fd.exe

Resource

win7-20220223-en

ouroboros evasion ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5a8d70b92e868f4f0ffb76f242dbf83a8816f704f523202a924a913f10a247fd.exe

Resource

win10v2004-en-20220112

ouroboros evasion ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  5a8d70b92e868f4f0ffb76f242dbf83a8816f704f523202a924a913f10a247fd
- Size
  
  1.3MB
- MD5
  
  516b7b7da67d36d1311350f751801e0b
- SHA1
  
  40964f706ff4ac8a8556ba8fde00c13684347057
- SHA256
  
  5a8d70b92e868f4f0ffb76f242dbf83a8816f704f523202a924a913f10a247fd
- SHA512
  
  cc61eb27f69cfd97cf23d87ad46df8c0042caceca2c14010c2d6e84ba9560a9b83a07c28bb404f8c32eae9b1092012412f9a7377620854ee35e1276fa2a1460a
Score

10^/10

ouroboros evasion ransomware spyware stealer
- Ouroboros/Zeropadypt
  Ransomware family based on open-source CryptoWire.
  ransomware ouroboros
- Drops file in Drivers directory
- Modifies Windows Firewall
  evasion
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

ouroborosevasionransomwarespywarestealer

behavioral2

ouroborosevasionransomware

© 2018-2024

Terms | Privacy