egregor | main[.]exe

Resubmissions

18-06-2022 22:36

220618-2jp6msbfhn 10

18-06-2022 22:33

220618-2g155abfgj 10

Sharing

Copy URL

Twitter E-mail

General

Target

main.exe
Size

880KB
MD5

8ff709cb8fed0155fc1c77c7af4d1d08
SHA1

654d0436fc8e0042c9dcd9597a1bf4ba60d629b4
SHA256

f62cebe556bf3cdac1deae1af87712ad928f25e95b6630973511903fcf889c37
SHA512

845ff4be9b70ef35f8e3195b79e803461c9e5d6a3363be1e0b977210d65ea6d55278a197714af7bc9b4d32276a34fae811c66bbf88eb987b7c13be23022ef408
SSDEEP

12288:lS7+S/4i+Sr54tlkSo5FDUFco4PwgOC0yxJQi7XLZF/Uhunnc6vD6ZeqQ:lS75/4Ir54tlkMGxJQinZF/Ui7s9

Score

10^/10

egregor

Malware Config

Signatures

Detected Egregor ransomware 1 IoCs

Processes:

resource yara_rule

sample family_egregor
Egregor family
egregor

resource	yara_rule
sample	family_egregor

Files

main.exe
.exe windows x86

08a024e881cfeb4e54ac3c8a2ca94678

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcessId
GetCurrentProcess
GetStartupInfoW
GetCurrentThreadId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-localization-l1-2-0

GetCPInfo
GetUserDefaultLCID
LCMapStringEx
IsValidLocale
GetLocaleInfoW
GetLocaleInfoEx
EnumSystemLocalesW
GetACP
FormatMessageA
LCMapStringW
GetOEMCP
IsValidCodePage

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
LeaveCriticalSection

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
WideCharToMultiByte
CompareStringEx
GetStringTypeW

user32

GetForegroundWindow
MessageBoxA
PostMessageA
PostMessageW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedFlushSList
InterlockedPushEntrySList

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwind

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
FreeEnvironmentStringsW
GetStdHandle
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCommandLineA
SetStdHandle

api-ms-win-core-file-l1-1-0

FindFirstFileExW
FindNextFileW
SetFilePointerEx
FindClose
CreateFileW
ReadFile
WriteFile
FlushFileBuffers
GetFileSizeEx
GetFileType

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
HeapSize
HeapReAlloc
GetProcessHeap

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-console-l1-1-0

GetConsoleOutputCP
WriteConsoleW
GetConsoleMode
ReadConsoleW
SetConsoleCtrlHandler

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

Sections

.textbss
Size: - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 630KB - Virtual size: 630KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 118KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

08a024e881cfeb4e54ac3c8a2ca94678

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-string-l1-1-0

user32

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-timezone-l1-1-0

Sections

.textbss Size: - Virtual size: 279KB

.text Size: 630KB - Virtual size: 630KB

.rdata Size: 102KB - Virtual size: 101KB

.data Size: 118KB - Virtual size: 124KB

.idata Size: 6KB - Virtual size: 6KB

.00cfg Size: 512B - Virtual size: 270B

.reloc Size: 21KB - Virtual size: 21KB

.textbss
Size: - Virtual size: 279KB

.text
Size: 630KB - Virtual size: 630KB

.rdata
Size: 102KB - Virtual size: 101KB

.data
Size: 118KB - Virtual size: 124KB

.idata
Size: 6KB - Virtual size: 6KB

.00cfg
Size: 512B - Virtual size: 270B

.reloc
Size: 21KB - Virtual size: 21KB