General
-
Target
d50b23e12c661bb78fa3cb317e679fabc4178600048572368bec173a520e4aaf.exe
-
Size
55KB
-
Sample
230124-y4ec4ade93
-
MD5
498ee5cf9c611ba7ed2379414d0bb010
-
SHA1
c4f779d08633a53e7a03c702eafbe3314055aa18
-
SHA256
d50b23e12c661bb78fa3cb317e679fabc4178600048572368bec173a520e4aaf
-
SHA512
8dad911c0b59485dafd6ddcf879774016f8d63690085d4840e422b44735e82140ad177e9e7663b6cc474214461693219142b55e93fd853a593925752fbaa2761
-
SSDEEP
1536:KNeRBl5PT/rx1mzwRMSTdLpJYXRBawzpK:KQRrmzwR5J4e
Malware Config
Targets
-
-
Target
d50b23e12c661bb78fa3cb317e679fabc4178600048572368bec173a520e4aaf.exe
-
Size
55KB
-
MD5
498ee5cf9c611ba7ed2379414d0bb010
-
SHA1
c4f779d08633a53e7a03c702eafbe3314055aa18
-
SHA256
d50b23e12c661bb78fa3cb317e679fabc4178600048572368bec173a520e4aaf
-
SHA512
8dad911c0b59485dafd6ddcf879774016f8d63690085d4840e422b44735e82140ad177e9e7663b6cc474214461693219142b55e93fd853a593925752fbaa2761
-
SSDEEP
1536:KNeRBl5PT/rx1mzwRMSTdLpJYXRBawzpK:KQRrmzwR5J4e
Score10/10-
Phobos
Phobos ransomware appeared at the beginning of 2019.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Modifies Windows Firewall
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-