phobos | 8d81b5ca59d55a84a33424e8d19502255ed81b56e08d00ebd2741598f7d4c178 | Triage

Submit
Reports

Overview

overview

Static

static

8d81b5ca59...78.exe

windows7-x64

8d81b5ca59...78.exe

windows10-2004-x64

7

Sharing

General

Target

8d81b5ca59d55a84a33424e8d19502255ed81b56e08d00ebd2741598f7d4c178
Size

220KB
Sample

220724-2m37nsbca5
MD5

6f479074761ed9fcd8eab62e378dd861
SHA1

8dfbcabb2c4c5c7aeaf13849c142073b14ed7c45
SHA256

8d81b5ca59d55a84a33424e8d19502255ed81b56e08d00ebd2741598f7d4c178
SHA512

171dfb6f9fabbdc794cf070e37e37900c985c5c7c1cd34fb944ffae18d552d1e0da58531b64a681d76c1d60d27552ad08220c633beb8e1a52a58ea9d070c7946

Score

10^/10

phobos discovery persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

8d81b5ca59d55a84a33424e8d19502255ed81b56e08d00ebd2741598f7d4c178.exe

Resource

win7-20220715-en

phobos discovery persistence ransomware

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

8d81b5ca59d55a84a33424e8d19502255ed81b56e08d00ebd2741598f7d4c178.exe

Resource

win10v2004-20220721-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  8d81b5ca59d55a84a33424e8d19502255ed81b56e08d00ebd2741598f7d4c178
- Size
  
  220KB
- MD5
  
  6f479074761ed9fcd8eab62e378dd861
- SHA1
  
  8dfbcabb2c4c5c7aeaf13849c142073b14ed7c45
- SHA256
  
  8d81b5ca59d55a84a33424e8d19502255ed81b56e08d00ebd2741598f7d4c178
- SHA512
  
  171dfb6f9fabbdc794cf070e37e37900c985c5c7c1cd34fb944ffae18d552d1e0da58531b64a681d76c1d60d27552ad08220c633beb8e1a52a58ea9d070c7946
Score

10^/10

phobos discovery persistence ransomware
- Phobos
  Phobos ransomware appeared at the beginning of 2019.
  ransomware phobos
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Scanning

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

phobosdiscoverypersistenceransomware

behavioral2

© 2018-2024

Terms | Privacy