ouroboros | fc925828184414ad44912fc6ca35af25aa6bbcff505026b1fc208b4064bdd388 | Triage

Submit
Reports

Overview

overview

Static

static

8

fc92582818...88.exe

windows10-2004-x64

Sharing

General

Target

fc925828184414ad44912fc6ca35af25aa6bbcff505026b1fc208b4064bdd388
Size

519KB
Sample

221115-w5m1hsfb94
MD5

d2e5de5fde2df40aa2515e9d13b0735c
SHA1

f6ebd38d354746482db21fb989cb22c0a764f098
SHA256

fc925828184414ad44912fc6ca35af25aa6bbcff505026b1fc208b4064bdd388
SHA512

9b18cd6ad5f37402be935e85df5c1e4032e16e29374de26c9aa6cfb41fc05077e16cfd89b49fe016bc34c61bf9132a44b1efb7a70c4c342278cc24733ac3e0c0
SSDEEP

12288:ggA009BmT3iiOjSXlBCq/3zn98aLAW1jI6UDymBdxgwcn6ilhbOD4:YPbcOjSieAWIg9o4

Score

10^/10

ouroboros evasion ransomware spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fc925828184414ad44912fc6ca35af25aa6bbcff505026b1fc208b4064bdd388.exe

Resource

win10v2004-20220812-en

ouroboros evasion ransomware spyware stealer upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  fc925828184414ad44912fc6ca35af25aa6bbcff505026b1fc208b4064bdd388
- Size
  
  519KB
- MD5
  
  d2e5de5fde2df40aa2515e9d13b0735c
- SHA1
  
  f6ebd38d354746482db21fb989cb22c0a764f098
- SHA256
  
  fc925828184414ad44912fc6ca35af25aa6bbcff505026b1fc208b4064bdd388
- SHA512
  
  9b18cd6ad5f37402be935e85df5c1e4032e16e29374de26c9aa6cfb41fc05077e16cfd89b49fe016bc34c61bf9132a44b1efb7a70c4c342278cc24733ac3e0c0
- SSDEEP
  
  12288:ggA009BmT3iiOjSXlBCq/3zn98aLAW1jI6UDymBdxgwcn6ilhbOD4:YPbcOjSieAWIg9o4
Score

10^/10

ouroboros evasion ransomware spyware stealer upx
- Ouroboros/Zeropadypt
  Ransomware family based on open-source CryptoWire.
  ransomware ouroboros
- Modifies Windows Firewall
  evasion
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

ouroborosevasionransomwarespywarestealerupx

© 2018-2024

Terms | Privacy