General
-
Target
b0e2a8c3c5d57571c7892940ab531925a2b0451964afd3035f1293062ca6d64e.exe
-
Size
138KB
-
Sample
221109-f4ve7seag4
-
MD5
89ecb17e4dd618967b8d31ce34052c2b
-
SHA1
1c2c6d8809bb77ead595fa41faac6b3861df18aa
-
SHA256
b0e2a8c3c5d57571c7892940ab531925a2b0451964afd3035f1293062ca6d64e
-
SHA512
7fa8c7017d8f643943046487ddeff50328db39cd79c6d967e47e788ff0dadc284e34864b4c99bd5b970237e1517e5fb5da4c474cb60f37dfd0c36bcd19855d4c
-
SSDEEP
3072:dQRrmzwR5JrGJNnVUQRrmzwR5JEQRrmzwR5JS:dQxR5JrGRUQxR5JEQxR5JS
Malware Config
Targets
-
-
Target
b0e2a8c3c5d57571c7892940ab531925a2b0451964afd3035f1293062ca6d64e.exe
-
Size
138KB
-
MD5
89ecb17e4dd618967b8d31ce34052c2b
-
SHA1
1c2c6d8809bb77ead595fa41faac6b3861df18aa
-
SHA256
b0e2a8c3c5d57571c7892940ab531925a2b0451964afd3035f1293062ca6d64e
-
SHA512
7fa8c7017d8f643943046487ddeff50328db39cd79c6d967e47e788ff0dadc284e34864b4c99bd5b970237e1517e5fb5da4c474cb60f37dfd0c36bcd19855d4c
-
SSDEEP
3072:dQRrmzwR5JrGJNnVUQRrmzwR5JEQRrmzwR5JS:dQxR5JrGRUQxR5JEQxR5JS
Score10/10-
Phobos
Phobos ransomware appeared at the beginning of 2019.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Modifies Windows Firewall
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-