egregor | ad5d3ab1ddde2346e12cf4d50db6f1aa75cb12db0ee3ce744057a1aa2ac9e67e | Triage

Sharing

General

Target

file_869fc33541fa49f3ae6d8162a036513a_2023-08-23_12_09_06_465000.zip
Size

99.5MB
Sample

230823-p3dwhacc37
MD5

4ca1d3a70d45e01cbd50835d6a389c5e
SHA1

d3f5b713f57aa291ed982225284b098016c390bd
SHA256

ad5d3ab1ddde2346e12cf4d50db6f1aa75cb12db0ee3ce744057a1aa2ac9e67e
SHA512

1552e50c98ff5dda8d9066bd6bfd596013f7af239bb8cc9cf5183ad38297a890050af93f552567d67fd6914c51783ccbf409259ac8826ff5a1866cb95f492aa2
SSDEEP

3145728:s0j5V+vZDV/0gvmN0/AW08pKvUedg+GH5sulE:NV+vjsN0+8pbeq50

Score

10^/10

egregor ransomware

Malware Config

Targets

- Target
  
  entry_1_0/umbrella-installer-for-talkia.exe
- Size
  
  99.5MB
- MD5
  
  412dfcd64a4f0948f7fcc920326ebb6e
- SHA1
  
  03446d3be14e3173c486bdce97098a7040b1d3fe
- SHA256
  
  174b5a8fdbc649eadcb98e99c5dd144a2f763cc2edbee02c1904c1c6ee5d5d1b
- SHA512
  
  05414e1c8304444f7c1a5794e2ea639e84676b77a00b2ad636e3172589d014fcc3eb858f3004615a7efd36ebd9b93a23dec312998263dccebb2b8d340960f287
- SSDEEP
  
  3145728:QlXHtKf7dHNL0qPulXZyAKcBIhSk5gE2NxmMf2:mt87TYlXKcBlksxa
Score

10^/10

egregor ransomware
- Detected Egregor ransomware
- Egregor Ransomware
  Variant of the Sekhmet ransomware first seen in September 2020.
  ransomware egregor
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

egregorransomware

behavioral2

egregorransomware