egregor | 89df1eb47e24963acda027076d670844dd2923fdd76546046afba32ab783cb6c

Sharing

Copy URL

Twitter E-mail

General

Target

AllGifts.zip
Size

743.0MB
Sample

240307-sg3jhseb28
MD5

0dfa60fd3b452378d5fd149e323145cc
SHA1

6c3f5a0bd8ba84d40f54ec62602ace46eaa41034
SHA256

89df1eb47e24963acda027076d670844dd2923fdd76546046afba32ab783cb6c
SHA512

dffe4aa73e073bcf6bdb5921794846fe4ef7f78bbb836339f48d7ab91909d6ff8530e95a910acfe8da775b8c5e7e9723cf61a86e93f37a2b3d51435869cd8394
SSDEEP

12582912:ZPqXkLJLmO+Rc8EVXgS+ywWCCfmyXQqZ1eBlUbGA+gEQfuISUQ1sNq9uoUtA27:EXS1+c8EVwS+tafmyXDOvgnWIXEsA9AJ

Score

10^/10

Malware Config

Targets

- Target
  
  AOMEIBackupperSetup.exe
- Size
  
  122.9MB
- MD5
  
  dda8bd6c99fe29fddfbdd31d2e66d4f0
- SHA1
  
  5c7f878b6273e89ec1bb4afc6df44ea1cc16ecf4
- SHA256
  
  f4ce867a89a65467bd16ed1b744dec7dbe8e0439653e3cbacbc0f472f16dc541
- SHA512
  
  6cabe39b9e1e20d4ad2b429f813a10a3e3e0d83846557d192bf953ed46170e6bb232a821b8e0efe5016fd0bb67b17c7e41aed909b934331529118255442047df
- SSDEEP
  
  3145728:Lafv2ZUw0hkI6aCO4K9rdU9vhn1Jph080DWS9L:LaWIB4K9xURhn1Jph07SiL
Score

7^/10

discovery persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  AOMEICyberBackupFree.exe
- Size
  
  221.2MB
- MD5
  
  2e5c0bc2dd3e3bd228268cf849997a5d
- SHA1
  
  603d29b5f8a65562f332fca4449b7c4eac6ae20f
- SHA256
  
  30c07bfc24f3319881b765d06d77b43b26fe5dd686d8c3f3d800a381328f9908
- SHA512
  
  42de49b5e67df1141bf1f54d6261081a4820e34ea1412397c32fe67057e48e6b3e2304221590a9d59bd2598f45b8594b63732bbca51dabdf917e61f0fa54a556
- SSDEEP
  
  6291456:3XNgDQfHLw1rFQX3bmCoy3tCQtBJ4qi4MMPG+BD:ffHLw5FQqCHdCQtBJ4H44y
Score

4^/10
behavioral3 behavioral4
- Target
  
  CBackupSetup.exe
- Size
  
  33.6MB
- MD5
  
  b4f13a3078b128a011d436fa28bcd88d
- SHA1
  
  fd52af5b2f757fd4714ab67c6168d7ad60296457
- SHA256
  
  ee36e42b3e50cc6e0ac888250701938e76a6517dbcabda7f8c912a84db5674ae
- SHA512
  
  3f0ecf2f3732043a250e2a329ae8e2fe2e48f7bda2a05afc2fe0cc302e902ee5d94cbfcc8316df8aabf255c5675061cd94a8737d5c675ef36de7aa9d5f78aa84
- SSDEEP
  
  786432:dUHEO1DiRKnn73T6L7snKbo8g7UW8b7fNsZHDerblSJ9daGFq:dzcn73O7nb3iU9b7e9erJSzs
Score

4^/10
behavioral5 behavioral6
- Target
  
  FoneTool_setup.exe
- Size
  
  181.2MB
- MD5
  
  bacde97b524dfea3f7651d79ff9c6cb5
- SHA1
  
  3729876fc38bd07a49a578c41a52af2101683fc5
- SHA256
  
  4d0b1acb70b620853c9b42b954eb7b7176f5e268fc9bc4b2639a309f7a4417ce
- SHA512
  
  5cae32ab6340baeedb76ae5ce6b70b647893ae5a052272db5994a50ff325fb8b9dc9e3745f49b3ebacc9ae91c968b26834b2f29208b2265d434dcd82cabd8964
- SSDEEP
  
  3145728:rd3NggXs1bvaJJswsIfZX1reXIx6PhAgSUnSMJW9HAHKtYYrhv7JdJHCXKU+Pcn1:rd3JXs1b7wFfr5xQSMQ9gHKtzRN/4fjp
Score

10^/10

egregor ransomware
- Detected Egregor ransomware
- Egregor Ransomware
  Variant of the Sekhmet ransomware first seen in September 2020.
  ransomware egregor
behavioral7 behavioral8
- Target
  
  MyRecover_WinSetup.exe
- Size
  
  38.9MB
- MD5
  
  3567449018ac404227e656f871e1211c
- SHA1
  
  648c156e6c577b67e94d95c7ca615c1b47db5ee1
- SHA256
  
  714319604cc380bbd4b1d3562aed6aa6b1873e6df23ae338aa614242acd47090
- SHA512
  
  c9c8fe497af2887162b0ada8744a8eae0f9d67820cb9ac7a7dad8c8f250f9e244ef02bedd6c7ce3c38f518e44dff104d2f1b7de0188692dd79520f838c2efff9
- SSDEEP
  
  786432:ZgsREetCXWaKXTrbsR919Cfk7IWeSIsC9ptFqOFB5ZKynZaw0:Zgz4AR91gf8IvHFB5MyZw
Score

4^/10
behavioral10 behavioral9
- Target
  
  MyRecover_for_iOS_Setup.exe
- Size
  
  150.2MB
- MD5
  
  711914b787f57f86d85e9c94b363fe1a
- SHA1
  
  7b7bd150b40ab943382312e9acabd9ee265c214e
- SHA256
  
  07f3ca1a27b3530377b10d00b2bf3501e44e89d76f97c293ce29796416c14c5e
- SHA512
  
  8993399a4a57741ebfbeef46e3b52fe6a066441d3ee15842b342d09bed8187b01b305fc9429af824009460410498fd56666f98c006466b9e3d317bd2a13dbc18
- SSDEEP
  
  3145728:ATZoffPTtbXgviwTwBl6dbTuvkfbPYLVKcVm0:Ao3pgaU0l6devkkLVdm0
Score

5^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral11 behavioral12

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Reads user/profile data of web browsers

Checks computer location settings

Drops file in System32 directory

Detected Egregor ransomware

Egregor Ransomware

Checks computer location settings

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12