General
Target: Fantom.zip
Size: 201KB
Sample: 220809-c6b5vsbgak
MD5: 1b218b677de0920cbda400413531d629
SHA1: 322531ec1e427c6582da131ecd1e06646d46a1a8
SHA256: 8b11977fad03dca09599067274a89de032aaf99c9c493aa68c3875f5af5628d4
SHA512: d36fa15233e0063bada82a2198e7e77a8164722755a377e46f09f5d3b0517bd6275953a1694758400e3a83603c7057e9c6593e211ca4024a698376ff03f1bdca
Static task
static1

Behavioral task
behavioral1
Sample: Fantom.exe
Resource: win7-20220715-en

Behavioral task
behavioral2
Sample: Fantom.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted: C:\$Recycle.Bin\S-1-5-21-3440072777-2118400376-1759599358-1000\DECRYPT_YOUR_FILES.HTML
Extracted: C:\$Recycle.Bin\S-1-5-21-2372564722-193526734-2636556182-1000\DECRYPT_YOUR_FILES.HTML
Targets
Target: Fantom.exe
Size: 261KB
MD5: 7d80230df68ccba871815d68f016c282
SHA1: e10874c6108a26ceedfc84f50881824462b5b6b6
SHA256: f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b
SHA512: 64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540
Score: 10/10
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Drops file in System32 directory
- Sets desktop wallpaper using registry