General
-
Target
cmd.exe
-
Size
55KB
-
Sample
230306-pb49dabe9w
-
MD5
c80fa6946b999e10575655b52972e294
-
SHA1
4b2b7d490c1f84bc210a2aa3bdb02929e2dbae1c
-
SHA256
9fe80b59926a0d8fa97ce49a1ee7564a8a2464283d3df047a9af7eea2356d3f5
-
SHA512
e80e94e3cb2518cb5b534fa4b6e7eec8e751343f41b5536faf788f607d53562c42879219117021a1b0df9f0f3f15a7a39890b5ed96e27b5c70841b7ec3594576
-
SSDEEP
1536:EkcgYgbig9EhjWNMSTdwp++la/oPK5fOm3N:Ej8ijWNw++ldo
Malware Config
Targets
-
-
Target
cmd.exe
-
Size
55KB
-
MD5
c80fa6946b999e10575655b52972e294
-
SHA1
4b2b7d490c1f84bc210a2aa3bdb02929e2dbae1c
-
SHA256
9fe80b59926a0d8fa97ce49a1ee7564a8a2464283d3df047a9af7eea2356d3f5
-
SHA512
e80e94e3cb2518cb5b534fa4b6e7eec8e751343f41b5536faf788f607d53562c42879219117021a1b0df9f0f3f15a7a39890b5ed96e27b5c70841b7ec3594576
-
SSDEEP
1536:EkcgYgbig9EhjWNMSTdwp++la/oPK5fOm3N:Ej8ijWNw++ldo
Score10/10-
Phobos
Phobos ransomware appeared at the beginning of 2019.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Modifies Windows Firewall
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-