General
-
Target
aedbddbf7494baaaf759a720d9cd17540d3c171b9cc52a02e0ef9a592bd9cd63_JC.exe
-
Size
630KB
-
Sample
231013-czdecacg34
-
MD5
af682568d545d56f405e1e476421467c
-
SHA1
be54c56243fd37e288825bd1c01880fcc487d322
-
SHA256
aedbddbf7494baaaf759a720d9cd17540d3c171b9cc52a02e0ef9a592bd9cd63
-
SHA512
e9f4a7d6491f60b2ad2e3844813451838c4d548af2400713007cb8d0a768fde2edaea7b18404afcfc6c3d6fcfea27fe7ed521a7a5cefedc4a64b55ac5fda9cb3
-
SSDEEP
12288:LxAF9CSqpcfzoiBYrJyc/eJDVAb76UP66iK:6F9C6zXOrJEJDA75d
Malware Config
Targets
-
-
Target
aedbddbf7494baaaf759a720d9cd17540d3c171b9cc52a02e0ef9a592bd9cd63_JC.exe
-
Size
630KB
-
MD5
af682568d545d56f405e1e476421467c
-
SHA1
be54c56243fd37e288825bd1c01880fcc487d322
-
SHA256
aedbddbf7494baaaf759a720d9cd17540d3c171b9cc52a02e0ef9a592bd9cd63
-
SHA512
e9f4a7d6491f60b2ad2e3844813451838c4d548af2400713007cb8d0a768fde2edaea7b18404afcfc6c3d6fcfea27fe7ed521a7a5cefedc4a64b55ac5fda9cb3
-
SSDEEP
12288:LxAF9CSqpcfzoiBYrJyc/eJDVAb76UP66iK:6F9C6zXOrJEJDA75d
Score10/10-
Phobos
Phobos ransomware appeared at the beginning of 2019.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Renames multiple (110) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (347) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Modifies Windows Firewall
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1