egregor | d5403042288027ae782055f3815b7eb30111ccaee30790fa5ade13bcd6ee3b80 | Triage

Submit
Reports

Overview

overview

Static

static

1

FoneTool_setup.exe

windows7-x64

FoneTool_setup.exe

windows10-2004-x64

Sharing

General

Target

FoneToolSetup.zip
Size

179.4MB
Sample

240307-sq44psfd5s
MD5

71d00e19adac073f0c0b5625be4e11e3
SHA1

a332398b57884d36971e3fcb7898e34e70d37ae3
SHA256

d5403042288027ae782055f3815b7eb30111ccaee30790fa5ade13bcd6ee3b80
SHA512

abdb558f18ae26e5544f25318c934a68721e826516eefe0e84df2260a10be73c08c51e5051b3e2794a4ab057244860d0345318cb7eafe70bccb7f54c877292d8
SSDEEP

3145728:BXLgUHGPVlqLRam6S915Lv4HwPMNLIUYQ/CAxMzXoL4BSgnlDdV7tHsRWgOPwdMt:BX7HGPVdm79DxPGCA6zYL4BxdxL6p91E

Score

10^/10

egregor discovery persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

FoneTool_setup.exe

Resource

win7-20240220-en

egregor discovery persistence ransomware

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

FoneTool_setup.exe

Resource

win10v2004-20240226-en

egregor ransomware

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  FoneTool_setup.exe
- Size
  
  181.2MB
- MD5
  
  bacde97b524dfea3f7651d79ff9c6cb5
- SHA1
  
  3729876fc38bd07a49a578c41a52af2101683fc5
- SHA256
  
  4d0b1acb70b620853c9b42b954eb7b7176f5e268fc9bc4b2639a309f7a4417ce
- SHA512
  
  5cae32ab6340baeedb76ae5ce6b70b647893ae5a052272db5994a50ff325fb8b9dc9e3745f49b3ebacc9ae91c968b26834b2f29208b2265d434dcd82cabd8964
- SSDEEP
  
  3145728:rd3NggXs1bvaJJswsIfZX1reXIx6PhAgSUnSMJW9HAHKtYYrhv7JdJHCXKU+Pcn1:rd3JXs1b7wFfr5xQSMQ9gHKtzRN/4fjp
Score

10^/10

egregor discovery persistence ransomware
- Detected Egregor ransomware
- Egregor Ransomware
  Variant of the Sekhmet ransomware first seen in September 2020.
  ransomware egregor
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

egregordiscoverypersistenceransomware

behavioral2

egregorransomware

© 2018-2024

Terms | Privacy