General
-
Target
WindowsUpdate.bin.exe
-
Size
57KB
-
Sample
230308-f2j7fsdg2w
-
MD5
8f7bc58c754d6fb7bb0b31fe8a5821e3
-
SHA1
f2dccd378d7be5e6bddbf133a78369fdc800432b
-
SHA256
71b46e95fba31267475537a338f49ce1cd0bc56c0f15346b05b673051cbe90a8
-
SHA512
765be9549ed493432dc4945f1987982254b25308cc3b757ef1eca23b75517adc7ea4fe10f0aaafc35dd021bcba668d9f3a8e5a9e70ffc5e50ddfae3c014f28e3
-
SSDEEP
1536:vNeRBl5PT/rx1mzwRMSTdLpJ//OGCDmR+53H:vQRrmzwR5JLCKyX
Malware Config
Targets
-
-
Target
WindowsUpdate.bin.exe
-
Size
57KB
-
MD5
8f7bc58c754d6fb7bb0b31fe8a5821e3
-
SHA1
f2dccd378d7be5e6bddbf133a78369fdc800432b
-
SHA256
71b46e95fba31267475537a338f49ce1cd0bc56c0f15346b05b673051cbe90a8
-
SHA512
765be9549ed493432dc4945f1987982254b25308cc3b757ef1eca23b75517adc7ea4fe10f0aaafc35dd021bcba668d9f3a8e5a9e70ffc5e50ddfae3c014f28e3
-
SSDEEP
1536:vNeRBl5PT/rx1mzwRMSTdLpJ//OGCDmR+53H:vQRrmzwR5JLCKyX
Score10/10-
Phobos
Phobos ransomware appeared at the beginning of 2019.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Modifies Windows Firewall
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-