ouroboros | c3a3acd8241a5fa5c2f2d596e7b8aecb0e427e7b399ee5ef6c7dfea8d86ebdaa | Triage

Submit
Reports

Overview

overview

Static

static

c3a3acd824...aa.exe

windows7_x64

c3a3acd824...aa.exe

windows10-2004_x64

Sharing

General

Target

c3a3acd8241a5fa5c2f2d596e7b8aecb0e427e7b399ee5ef6c7dfea8d86ebdaa
Size

1011KB
Sample

220524-z57lpsccfk
MD5

73528b74e4edb1c32a4d88abe34ae437
SHA1

b97c0fc8a34e88c03704e43829c550d765398a3c
SHA256

c3a3acd8241a5fa5c2f2d596e7b8aecb0e427e7b399ee5ef6c7dfea8d86ebdaa
SHA512

523cd56a44e91fc3084b76d68dbce6e77dac190716833cce455d2091894b403def7132475ec748b0d26fed90a4fcfc5d5f65f0eba098bc7d8ac4853ae9e547ec

Score

10^/10

ouroboros evasion ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

c3a3acd8241a5fa5c2f2d596e7b8aecb0e427e7b399ee5ef6c7dfea8d86ebdaa.exe

Resource

win7-20220414-en

ouroboros evasion ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c3a3acd8241a5fa5c2f2d596e7b8aecb0e427e7b399ee5ef6c7dfea8d86ebdaa.exe

Resource

win10v2004-20220414-en

ouroboros evasion ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  c3a3acd8241a5fa5c2f2d596e7b8aecb0e427e7b399ee5ef6c7dfea8d86ebdaa
- Size
  
  1011KB
- MD5
  
  73528b74e4edb1c32a4d88abe34ae437
- SHA1
  
  b97c0fc8a34e88c03704e43829c550d765398a3c
- SHA256
  
  c3a3acd8241a5fa5c2f2d596e7b8aecb0e427e7b399ee5ef6c7dfea8d86ebdaa
- SHA512
  
  523cd56a44e91fc3084b76d68dbce6e77dac190716833cce455d2091894b403def7132475ec748b0d26fed90a4fcfc5d5f65f0eba098bc7d8ac4853ae9e547ec
Score

10^/10

ouroboros evasion ransomware spyware stealer
- Ouroboros/Zeropadypt
  Ransomware family based on open-source CryptoWire.
  ransomware ouroboros
- Modifies Windows Firewall
  evasion
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ouroborosevasionransomwarespywarestealer

behavioral2

ouroborosevasionransomware

© 2018-2024

Terms | Privacy