General
-
Target
2dcaca208625860f4eb114af4c4158368284eb99c994793d5ac66d3af654bf5f.exe
-
Size
55KB
-
Sample
221109-gxledsfher
-
MD5
14214f7904102bb6747d0e31a50c08d3
-
SHA1
a89974390c9c03495e631f6dca4ae54d044d0941
-
SHA256
2dcaca208625860f4eb114af4c4158368284eb99c994793d5ac66d3af654bf5f
-
SHA512
da8277a651ac3b9b7d6cef228d3a6e5b02b1eb95c93ac425dcea3610d21e4e953026c57262ec69a215c70d46b722958b8e4b747dbc1b4519a32f0e847be1295c
-
SSDEEP
1536:ukcgYgbig9EhjWNMSTdwp++ln/oomTc0q:uj8ijWNw++lQhc3
Malware Config
Targets
-
-
Target
2dcaca208625860f4eb114af4c4158368284eb99c994793d5ac66d3af654bf5f.exe
-
Size
55KB
-
MD5
14214f7904102bb6747d0e31a50c08d3
-
SHA1
a89974390c9c03495e631f6dca4ae54d044d0941
-
SHA256
2dcaca208625860f4eb114af4c4158368284eb99c994793d5ac66d3af654bf5f
-
SHA512
da8277a651ac3b9b7d6cef228d3a6e5b02b1eb95c93ac425dcea3610d21e4e953026c57262ec69a215c70d46b722958b8e4b747dbc1b4519a32f0e847be1295c
-
SSDEEP
1536:ukcgYgbig9EhjWNMSTdwp++ln/oomTc0q:uj8ijWNw++lQhc3
Score10/10-
Phobos
Phobos ransomware appeared at the beginning of 2019.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Modifies Windows Firewall
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-