General
-
Target
1e3d1dce864ea7544e10a2758f11fafacd39a0cfc7022e3493d6a25dbaffb6c3.exe
-
Size
97KB
-
Sample
221219-vt9jpsaf3y
-
MD5
6aa9acfb386ff6673ed8bd77c459ea5b
-
SHA1
77e9926caeaf7bd23b832069384e1c02dd4ff78e
-
SHA256
1e3d1dce864ea7544e10a2758f11fafacd39a0cfc7022e3493d6a25dbaffb6c3
-
SHA512
464c279beddc068133ef15d8b03056a86abdde0e5fb8af5296cf16aab8eb9485dbf9c4856a5618e8e05f9533dfd8869b155c4b339fbe807f4fd35fd28dd9ba0b
-
SSDEEP
1536:JxqjQ+P04wsmJCGl+/wA1rK4ZNeRBl5PT/rx1mzwRMSTdLpJ0iM:sr85ChwAEAQRrmzwR5Jo
Malware Config
Targets
-
-
Target
1e3d1dce864ea7544e10a2758f11fafacd39a0cfc7022e3493d6a25dbaffb6c3.exe
-
Size
97KB
-
MD5
6aa9acfb386ff6673ed8bd77c459ea5b
-
SHA1
77e9926caeaf7bd23b832069384e1c02dd4ff78e
-
SHA256
1e3d1dce864ea7544e10a2758f11fafacd39a0cfc7022e3493d6a25dbaffb6c3
-
SHA512
464c279beddc068133ef15d8b03056a86abdde0e5fb8af5296cf16aab8eb9485dbf9c4856a5618e8e05f9533dfd8869b155c4b339fbe807f4fd35fd28dd9ba0b
-
SSDEEP
1536:JxqjQ+P04wsmJCGl+/wA1rK4ZNeRBl5PT/rx1mzwRMSTdLpJ0iM:sr85ChwAEAQRrmzwR5Jo
Score10/10-
Detect Neshta payload
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Phobos
Phobos ransomware appeared at the beginning of 2019.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-