egregor | hxxps://www[.]xunlei[.]com/ | Triage

Submit
Reports

Overview

overview

Static

static

URLScan

urlscan

1

https://www.xunlei.c...

windows10-1703-x64

Sharing

General

Target

https://www.xunlei.com/
Sample

220913-cq85naacbr

Score

10^/10

egregor bootkit discovery evasion persistence ransomware trojan

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://www.xunlei.com/

Resource

win10-20220812-ja

egregor bootkit discovery evasion persistence ransomware trojan

windows10-1703-x64

24 signatures

600 seconds

Malware Config

Targets

- Target
  
  https://www.xunlei.com/
Score

10^/10

egregor bootkit discovery evasion persistence ransomware trojan
- Detected Egregor ransomware
- Egregor Ransomware
  Variant of the Sekhmet ransomware first seen in September 2020.
  ransomware egregor
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

egregorbootkitdiscoveryevasionpersistenceransomwaretrojan

© 2018-2025

Terms | Privacy