General
-
Target
0c0c9a19db1f89d94ddcd8af54fa631798e3ccc82743faae6d9818759f2dbcc1.exe
-
Size
97KB
-
Sample
230108-pk2vlsde62
-
MD5
8881f3e50b9f1bcb315769e24b76a3cc
-
SHA1
f6f21445663a197b8f88a7a2fdbc4cbe2bf3be51
-
SHA256
0c0c9a19db1f89d94ddcd8af54fa631798e3ccc82743faae6d9818759f2dbcc1
-
SHA512
dde4d848499dd0eb92982358ad2990a82c22e2c1738a0387ca03dfadfd602b9fe429570815acf648aebc11e5337b1bc44b77e58f4aabd2f9ca5be88f6a34111b
-
SSDEEP
1536:JxqjQ+P04wsmJCf5HqwoOFcqZNeRBl5PT/rx1mzwRMSTdLpJ1M:sr85CfxbtcSQRrmzwR5JS
Malware Config
Targets
-
-
Target
0c0c9a19db1f89d94ddcd8af54fa631798e3ccc82743faae6d9818759f2dbcc1.exe
-
Size
97KB
-
MD5
8881f3e50b9f1bcb315769e24b76a3cc
-
SHA1
f6f21445663a197b8f88a7a2fdbc4cbe2bf3be51
-
SHA256
0c0c9a19db1f89d94ddcd8af54fa631798e3ccc82743faae6d9818759f2dbcc1
-
SHA512
dde4d848499dd0eb92982358ad2990a82c22e2c1738a0387ca03dfadfd602b9fe429570815acf648aebc11e5337b1bc44b77e58f4aabd2f9ca5be88f6a34111b
-
SSDEEP
1536:JxqjQ+P04wsmJCf5HqwoOFcqZNeRBl5PT/rx1mzwRMSTdLpJ1M:sr85CfxbtcSQRrmzwR5JS
Score10/10-
Detect Neshta payload
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Phobos
Phobos ransomware appeared at the beginning of 2019.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-