General
-
Target
e9a799271a884714b87b5ed97bc7f243fa553bf80730291e5408afee468bd698
-
Size
113KB
-
Sample
220731-nvgfzsece8
-
MD5
114dbf38930b854c132b359d901ce08c
-
SHA1
6cd191ad665be92914e2bf519fe21572d51be3fc
-
SHA256
e9a799271a884714b87b5ed97bc7f243fa553bf80730291e5408afee468bd698
-
SHA512
046516dc181220c1b03aa067526c193c533d255928eb3c2a4c2771e7c872cf8ff577222ce27c730a7c2f79fcb882da41b0994949c9f4e8ec7e7198536237e210
Malware Config
Targets
-
-
Target
e9a799271a884714b87b5ed97bc7f243fa553bf80730291e5408afee468bd698
-
Size
113KB
-
MD5
114dbf38930b854c132b359d901ce08c
-
SHA1
6cd191ad665be92914e2bf519fe21572d51be3fc
-
SHA256
e9a799271a884714b87b5ed97bc7f243fa553bf80730291e5408afee468bd698
-
SHA512
046516dc181220c1b03aa067526c193c533d255928eb3c2a4c2771e7c872cf8ff577222ce27c730a7c2f79fcb882da41b0994949c9f4e8ec7e7198536237e210
Score10/10-
Phobos
Phobos ransomware appeared at the beginning of 2019.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Drops startup file
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-