a.scr

General
Target

a.scr

Size

15KB

Sample

201105-qhajlp5p1e

Score
10 /10
MD5

ba74a7cb5a12d713229105df94a9e418

SHA1

c128af146a1f7ed27d702aa6ad7600d7ca3510cb

SHA256

1589137eea1bc46db43c9b9229402646773876d527585f68fd58d37add5d8402

SHA512

897c3906884ec1c836831308d023fc06e3b9aa92e8ef0fe8692d66f2965fce45d63eca2a936e5a6672a28fefa4b52ae0812eacfe3b27526509a19d105aba6eee

Malware Config

Extracted

Path C:\221622968119831\Read_Me.txt
Ransom Note
Attention! All your files, documents, photos, databases and other important files are encrypted The only method of recovering files is to purchase an unique decryptor. Only we can give you this decryptor and only we can recover your files. The server with your decryptor is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- 1. Download Tor browser - https://www.torproject.org/ 2. Install Tor browser 3. Open Tor Browser 4. Open link in TOR browser: http://25xb3kc6azicbbuo.onion/?DUWYZBCE 5. Follow the instructions on this page ---------------------------------------------------------------------------------------- On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free. Alternate communication channel here: http://helpqvrg3cc5mvb3.onion/
URLs

http://25xb3kc6azicbbuo.onion/?DUWYZBCE

http://helpqvrg3cc5mvb3.onion/

Targets
Target

a.scr

MD5

ba74a7cb5a12d713229105df94a9e418

Filesize

15KB

Score
10 /10
SHA1

c128af146a1f7ed27d702aa6ad7600d7ca3510cb

SHA256

1589137eea1bc46db43c9b9229402646773876d527585f68fd58d37add5d8402

SHA512

897c3906884ec1c836831308d023fc06e3b9aa92e8ef0fe8692d66f2965fce45d63eca2a936e5a6672a28fefa4b52ae0812eacfe3b27526509a19d105aba6eee

Tags

Signatures

  • Phorphiex Worm

    Description

    Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

    Tags

  • Windows security bypass

    Tags

    TTPs

    Disabling Security Tools Modify Registry
  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    Tags

    TTPs

    Disabling Security Tools Modify Registry
  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry
  • Drops desktop.ini file(s)

  • Enumerates connected drives

    Description

    Attempts to read the root path of hard drives other than the default C: drive.

    TTPs

    Query Registry Peripheral Device Discovery System Information Discovery

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation