General
-
Target
62b096449d5dc6f876c43e48d1c27a63de0f75e70279f811b5c6ba18f9126f7b.exe
-
Size
56KB
-
Sample
221219-ld7kqsef92
-
MD5
9d698f5fb023c21b0629273b0ef42594
-
SHA1
76ba11bfc956c6c68b8d34731f6573e308d6771b
-
SHA256
62b096449d5dc6f876c43e48d1c27a63de0f75e70279f811b5c6ba18f9126f7b
-
SHA512
c04548373451fc1d02031bf4957a9c07882c15639304c7a5e5d1e37dbe27afe94ccdaa0f2db3f08ce333415260d25be78fc7984f17ba7194c32be74c3bdc50ed
-
SSDEEP
768:zvrNNeRBl5JFTXqwXrkgrn/9/HiDKGwRj4RcTdyH4pYT3nPKVU1EHC6HHZTg4qfH:9NeRBl5PT/rx1mzwRMSTdLpJHRH5Q9d
Malware Config
Targets
-
-
Target
62b096449d5dc6f876c43e48d1c27a63de0f75e70279f811b5c6ba18f9126f7b.exe
-
Size
56KB
-
MD5
9d698f5fb023c21b0629273b0ef42594
-
SHA1
76ba11bfc956c6c68b8d34731f6573e308d6771b
-
SHA256
62b096449d5dc6f876c43e48d1c27a63de0f75e70279f811b5c6ba18f9126f7b
-
SHA512
c04548373451fc1d02031bf4957a9c07882c15639304c7a5e5d1e37dbe27afe94ccdaa0f2db3f08ce333415260d25be78fc7984f17ba7194c32be74c3bdc50ed
-
SSDEEP
768:zvrNNeRBl5JFTXqwXrkgrn/9/HiDKGwRj4RcTdyH4pYT3nPKVU1EHC6HHZTg4qfH:9NeRBl5PT/rx1mzwRMSTdLpJHRH5Q9d
Score10/10-
Phobos
Phobos ransomware appeared at the beginning of 2019.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Modifies Windows Firewall
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-