egregor | hxxps://www[.]xunlei[.]com/ | Triage

Submit
Reports

Overview

overview

Static

static

URLScan

urlscan

1

https://www.xunlei.c...

windows10-1703-x64

Sharing

General

Target

https://www.xunlei.com/
Sample

220913-cq85naacbr

Score

10^/10

egregor bootkit discovery evasion persistence ransomware trojan

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://www.xunlei.com/

Resource

win10-20220812-ja

egregor bootkit discovery evasion persistence ransomware trojan

windows10-1703-x64

24 signatures

600 seconds

Malware Config

Targets

- Target
  
  https://www.xunlei.com/
Score

10^/10

egregor bootkit discovery evasion persistence ransomware trojan
- Detected Egregor ransomware
- Egregor Ransomware
  Variant of the Sekhmet ransomware first seen in September 2020.
  ransomware egregor
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

urlscan1

behavioral1

egregorbootkitdiscoveryevasionpersistenceransomwaretrojan

© 2018-2024

Terms | Privacy