ouroboros | b909408a7f5be6fa466071bafc0949c092ee53a655a83cc28a6f633eb4d9d45f | Triage

Submit
Reports

Overview

overview

Static

static

b909408a7f...5f.exe

windows7_x64

b909408a7f...5f.exe

windows10-2004_x64

Sharing

General

Target

b909408a7f5be6fa466071bafc0949c092ee53a655a83cc28a6f633eb4d9d45f
Size

994KB
Sample

220306-fq4fysbgdk
MD5

c43c4e32d8f30c6c63aea0d6dc5c11cd
SHA1

93d1bc3f0b9e03a43bcf789928ac12ecdea24588
SHA256

b909408a7f5be6fa466071bafc0949c092ee53a655a83cc28a6f633eb4d9d45f
SHA512

95566d9f393e5bb9ab44834841e757eeb4c326ec454ce34e955e20b499d3ff8a5585fb91abb6ac1043fd76ad6942e447f9d36a353895a74654ce73bf74452d52

Score

10^/10

ouroboros evasion ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

b909408a7f5be6fa466071bafc0949c092ee53a655a83cc28a6f633eb4d9d45f.exe

Resource

win7-20220223-en

ouroboros evasion ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b909408a7f5be6fa466071bafc0949c092ee53a655a83cc28a6f633eb4d9d45f.exe

Resource

win10v2004-en-20220112

ouroboros evasion ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  b909408a7f5be6fa466071bafc0949c092ee53a655a83cc28a6f633eb4d9d45f
- Size
  
  994KB
- MD5
  
  c43c4e32d8f30c6c63aea0d6dc5c11cd
- SHA1
  
  93d1bc3f0b9e03a43bcf789928ac12ecdea24588
- SHA256
  
  b909408a7f5be6fa466071bafc0949c092ee53a655a83cc28a6f633eb4d9d45f
- SHA512
  
  95566d9f393e5bb9ab44834841e757eeb4c326ec454ce34e955e20b499d3ff8a5585fb91abb6ac1043fd76ad6942e447f9d36a353895a74654ce73bf74452d52
Score

10^/10

ouroboros evasion ransomware spyware stealer
- Ouroboros/Zeropadypt
  Ransomware family based on open-source CryptoWire.
  ransomware ouroboros
- Modifies Windows Firewall
  evasion
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ouroborosevasionransomwarespywarestealer

behavioral2

ouroborosevasionransomware

© 2018-2024

Terms | Privacy