Overview

overview

10

Static

static

8710ad8fb2...bc.exe

windows7-x64

10

8710ad8fb2...bc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7904defc0a63ff2707cbb8cd6e48b2c52613b032a9ad0bcefa13e1cd9f9f474f

  • Size

    40KB

  • Sample

    221109-psep2sadhk

  • MD5

    c6422737651389e323f8a1c7a1e84a9e

  • SHA1

    aede228461db2f2dd18e99a39b3108bae26fd270

  • SHA256

    7904defc0a63ff2707cbb8cd6e48b2c52613b032a9ad0bcefa13e1cd9f9f474f

  • SHA512

    a19e9b80cc91038e44e51aebc2c6dd0c3a1c206b2ff4bee62ad32bd21073ee68b37db5de05820f19c081860ea6344568ec5b78a97bbaed704d9ada1b459dfe77

  • SSDEEP

    768:F8+42FHzSg20l5SUFDGqFzKh5ABgPaaTBYUvur54wpqW8/NGs5K/leyKTeQ:jpSel59cqNKhOaVpulrqpU/USQ

Score
10/10
phobosevasionpersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      8710ad8fb2938326655335455987aa17961b2496a345a7ed9f4bbfcb278212bc.exe

    • Size

      62KB

    • MD5

      ab7b66ee5385cb473b9c15db3e239692

    • SHA1

      5875f07b7b8174284ca15e4d5f53942e0d736024

    • SHA256

      8710ad8fb2938326655335455987aa17961b2496a345a7ed9f4bbfcb278212bc

    • SHA512

      1a9139af13dacb7cc0022b1216d725e39cfe3668384caf6942705bd1cad263368c4b305f7ccd649cd9bee3be5817029fd410bd02deff34c6b73d8159f2aae280

    • SSDEEP

      1536:XNeRBl5PT/rx1mzwRMSTdLpJil7Qi9TMk:XQRrmzwR5J67Qi9TMk

    Score
    10/10
    phobosevasionpersistenceransomwarespywarestealer

    • Phobos

      Phobos ransomware appeared at the beginning of 2019.

      ransomwarephobos

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

      ransomware

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks