egregor | 235e12739c6e85158918e1c3d2c531d1105372c11619196ff23a4ecde808d049 | Triage

Submit
Reports

Overview

overview

Static

static

3

Silent.Cli...13.exe

windows7-x64

Silent.Cli...13.exe

windows10-2004-x64

Resubmissions

13-08-2023 11:18

230813-nehdcade21 10

19-07-2023 09:13

230719-k6z6pabb6z 10

Sharing

General

Target

Silent.Client.Setup.1.3.13.exe
Size

102.9MB
Sample

230719-k6z6pabb6z
MD5

eaf7774e1334bbf5fe0ad3d034f0ac1a
SHA1

f46b69313e31655da2fcf7495548d6ae196e66ae
SHA256

235e12739c6e85158918e1c3d2c531d1105372c11619196ff23a4ecde808d049
SHA512

d22c27e5636ecfe78959bc2ca41627b1b6addf6932f70fe84cbe1ecfe3e68af24a3c3a7e37ce33797050ebdcb927261dda4618ef996826cc4127deb26e76f5fb
SSDEEP

1572864:WSudEzjkw9eV/OgWSrIO3ds6xlYUsOAYpAB0RVviinopB7MziyXbXkFUQypm1h:WSue4/WSrRa6wUsjKRBiIofDObcbypY

Score

10^/10

egregor discovery ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Silent.Client.Setup.1.3.13.exe

Resource

win7-20230712-en

egregor discovery ransomware

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Silent.Client.Setup.1.3.13.exe

Resource

win10v2004-20230703-en

egregor discovery ransomware

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  Silent.Client.Setup.1.3.13.exe
- Size
  
  102.9MB
- MD5
  
  eaf7774e1334bbf5fe0ad3d034f0ac1a
- SHA1
  
  f46b69313e31655da2fcf7495548d6ae196e66ae
- SHA256
  
  235e12739c6e85158918e1c3d2c531d1105372c11619196ff23a4ecde808d049
- SHA512
  
  d22c27e5636ecfe78959bc2ca41627b1b6addf6932f70fe84cbe1ecfe3e68af24a3c3a7e37ce33797050ebdcb927261dda4618ef996826cc4127deb26e76f5fb
- SSDEEP
  
  1572864:WSudEzjkw9eV/OgWSrIO3ds6xlYUsOAYpAB0RVviinopB7MziyXbXkFUQypm1h:WSue4/WSrRa6wUsjKRBiIofDObcbypY
Score

10^/10

egregor discovery ransomware
- Detected Egregor ransomware
- Egregor Ransomware
  Variant of the Sekhmet ransomware first seen in September 2020.
  ransomware egregor
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Process Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

egregordiscoveryransomware

behavioral2

egregordiscoveryransomware

© 2018-2024

Terms | Privacy