General
-
Target
d04364cac94599d7e8fec59d93715d03b33106e97c054d0a35989d0aba815740
-
Size
39KB
-
Sample
221103-jgd2gsabcl
-
MD5
e13212e2bc01a444d0683f4ce0eb9a13
-
SHA1
4c5455e7edb7d123ef1c6fbd7c631801fd9fa05d
-
SHA256
d04364cac94599d7e8fec59d93715d03b33106e97c054d0a35989d0aba815740
-
SHA512
bca46b1aae7d7f1bd54a8709540699c5665a5f8b7a2f023f5c792c48a2829806de5afaf9d198c88d8ee5aa8d79f854a280023470ed232e2040f82dc761864140
-
SSDEEP
768:CRVL/BGRIjeupKEV+N9sB8OzSzv8RljXc1h74CcgsT2hq4tjA3y9Ykl9:CR9/BheJE8N988OzA8jO79C2hbtjAC9r
Malware Config
Targets
-
-
Target
dfbaa0fbf0749cab9b57ae0c3d3c712e023ca4fbdfc5dda7eb64dbc5ab647fe2.exe
-
Size
55KB
-
MD5
b22e21b7efea6cf2f4a12788aa04df2c
-
SHA1
2dff60fedd98b550b7f99c9e606916d287292ff8
-
SHA256
dfbaa0fbf0749cab9b57ae0c3d3c712e023ca4fbdfc5dda7eb64dbc5ab647fe2
-
SHA512
4cf9f4730dfa30c4674b1df43d32e1af3b102d721284d07181cca989bf441947129daf473cc1aece608d0dd4f9f56bb57b951bd480d077df924ae466c81f47ef
-
SSDEEP
1536:akcgYgbig9EhjWNMSTdwp++lS/bj26/F/:aj8ijWNw++lSXF
Score10/10-
Phobos
Phobos ransomware appeared at the beginning of 2019.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Modifies Windows Firewall
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-