General
-
Target
rundll64.exe
-
Size
236KB
-
Sample
230502-h4cw9saa44
-
MD5
4165a3dba3c7ac26b225f8623f70ebaa
-
SHA1
587df43d63da7dfd726a4bb8f39877647cc07da0
-
SHA256
523d97331fcef84ff767dbb01836766d8b1be9bbeb3d76e9fda3a02ad46fd976
-
SHA512
43ad74651aad95f16bd17f6fea857534c6c6502cb0c06262092e7b10ab59a27b663565668d6fd4436c72a114f632ab6940fc4f1914d165eba7e5a8a8b5743b8e
-
SSDEEP
6144:qb/A0SeQu0hL2cyBt2iOjese1HSCRhECwt6:q8D5P2ICsDCRhQ6
Malware Config
Targets
-
-
Target
rundll64.exe
-
Size
236KB
-
MD5
4165a3dba3c7ac26b225f8623f70ebaa
-
SHA1
587df43d63da7dfd726a4bb8f39877647cc07da0
-
SHA256
523d97331fcef84ff767dbb01836766d8b1be9bbeb3d76e9fda3a02ad46fd976
-
SHA512
43ad74651aad95f16bd17f6fea857534c6c6502cb0c06262092e7b10ab59a27b663565668d6fd4436c72a114f632ab6940fc4f1914d165eba7e5a8a8b5743b8e
-
SSDEEP
6144:qb/A0SeQu0hL2cyBt2iOjese1HSCRhECwt6:q8D5P2ICsDCRhQ6
Score10/10-
Phobos
Phobos ransomware appeared at the beginning of 2019.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Modifies Windows Firewall
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-