General
-
Target
2d310cd28162abfe2bc489e000fc1a9ca52f7d2b739f29be266d807439bced90
-
Size
149KB
-
Sample
221125-kkemvseb36
-
MD5
24e0cf05d2d34b1e6efbc7949bd7aa1f
-
SHA1
dfdf26d8de8f123dbfdc0b4d5a0a967aee454d9b
-
SHA256
2d310cd28162abfe2bc489e000fc1a9ca52f7d2b739f29be266d807439bced90
-
SHA512
5b0a000a3dc159de262de88d8721b766ced6424209ab136c5630c4cd0eb4fc0f7e14624b3f6fb08c2b775ab45402fe863975ae43b48c6b9775f67045f29773f2
-
SSDEEP
3072:iMYxKXZHdlgQhA+zXuIDl33qMDqNfSwAk/GDbjXR4s4npu4:UOltfDl33BDsJAS8R4Xpu
Malware Config
Targets
-
-
Target
2d310cd28162abfe2bc489e000fc1a9ca52f7d2b739f29be266d807439bced90
-
Size
149KB
-
MD5
24e0cf05d2d34b1e6efbc7949bd7aa1f
-
SHA1
dfdf26d8de8f123dbfdc0b4d5a0a967aee454d9b
-
SHA256
2d310cd28162abfe2bc489e000fc1a9ca52f7d2b739f29be266d807439bced90
-
SHA512
5b0a000a3dc159de262de88d8721b766ced6424209ab136c5630c4cd0eb4fc0f7e14624b3f6fb08c2b775ab45402fe863975ae43b48c6b9775f67045f29773f2
-
SSDEEP
3072:iMYxKXZHdlgQhA+zXuIDl33qMDqNfSwAk/GDbjXR4s4npu4:UOltfDl33BDsJAS8R4Xpu
Score10/10-
Phobos
Phobos ransomware appeared at the beginning of 2019.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Drops startup file
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-