Overview

overview

10

Static

static

Win7: 5min timeout

windows7_x64

10

Resubmissions

11-02-2020 15:08

200211-yh5d2v3rpa 10

11-02-2020 13:53

200211-smh4fqemta 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e

  • Size

    986KB

  • Sample

    200211-yh5d2v3rpa

  • MD5

    934984b11e6690c10e7ad5bf1f0cf274

  • SHA1

    5c826f0bca1460508b0a3db4b0e5f9fbd7c2104f

  • SHA256

    95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e

  • SHA512

    4cc96789b2c6a40b94d7dc5d3ed11876dc643172211114ee588bfc0988f00cc3508d0d1e5d39a08e29b003f12429ba46fa07ac58402d6838b7263a640b20f13e

Score
10/10
ouroborosevasionpersistenceransomwarespreadingtrojan

Malware Config

Targets

    • Target

      95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e

    • Size

      986KB

    • MD5

      934984b11e6690c10e7ad5bf1f0cf274

    • SHA1

      5c826f0bca1460508b0a3db4b0e5f9fbd7c2104f

    • SHA256

      95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e

    • SHA512

      4cc96789b2c6a40b94d7dc5d3ed11876dc643172211114ee588bfc0988f00cc3508d0d1e5d39a08e29b003f12429ba46fa07ac58402d6838b7263a640b20f13e

    Score
    10/10
    evasionpersistenceransomwareouroborosspreadingtrojan

    • Ouroboros/Zeropadypt

      Ransomware family based on open-source CryptoWire

      ransomwareouroboros

    • Drops file in Drivers directory

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Drops autorun.inf file

      spreadingtrojan

    • Drops file in System32 directory

    • Modifies service

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Modify Existing Service

2
T1031

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Exfiltration

Command and Control

Impact

Tasks