Overview

overview

10

Static

static

1

FoneTool_setup.exe

windows7-x64

10

FoneTool_setup.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FoneToolSetup.zip

  • Size

    179.4MB

  • Sample

    240307-sq44psfd5s

  • MD5

    71d00e19adac073f0c0b5625be4e11e3

  • SHA1

    a332398b57884d36971e3fcb7898e34e70d37ae3

  • SHA256

    d5403042288027ae782055f3815b7eb30111ccaee30790fa5ade13bcd6ee3b80

  • SHA512

    abdb558f18ae26e5544f25318c934a68721e826516eefe0e84df2260a10be73c08c51e5051b3e2794a4ab057244860d0345318cb7eafe70bccb7f54c877292d8

  • SSDEEP

    3145728:BXLgUHGPVlqLRam6S915Lv4HwPMNLIUYQ/CAxMzXoL4BSgnlDdV7tHsRWgOPwdMt:BX7HGPVdm79DxPGCA6zYL4BxdxL6p91E

Score
10/10
egregordiscoverypersistenceransomware

Malware Config

Targets

    • Target

      FoneTool_setup.exe

    • Size

      181.2MB

    • MD5

      bacde97b524dfea3f7651d79ff9c6cb5

    • SHA1

      3729876fc38bd07a49a578c41a52af2101683fc5

    • SHA256

      4d0b1acb70b620853c9b42b954eb7b7176f5e268fc9bc4b2639a309f7a4417ce

    • SHA512

      5cae32ab6340baeedb76ae5ce6b70b647893ae5a052272db5994a50ff325fb8b9dc9e3745f49b3ebacc9ae91c968b26834b2f29208b2265d434dcd82cabd8964

    • SSDEEP

      3145728:rd3NggXs1bvaJJswsIfZX1reXIx6PhAgSUnSMJW9HAHKtYYrhv7JdJHCXKU+Pcn1:rd3JXs1b7wFfr5xQSMQ9gHKtzRN/4fjp

    Score
    10/10
    egregordiscoverypersistenceransomware

    • Detected Egregor ransomware

    • Egregor Ransomware

      Variant of the Sekhmet ransomware first seen in September 2020.

      ransomwareegregor

    • Adds Run key to start application

      persistence

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks