egregor | 4d0b1acb70b620853c9b42b954eb7b7176f5e268fc9bc4b2639a309f7a4417ce | Triage

Sharing

General

Target

FoneTool_setup.exe
Size

181.2MB
Sample

240307-sw34laef23
MD5

bacde97b524dfea3f7651d79ff9c6cb5
SHA1

3729876fc38bd07a49a578c41a52af2101683fc5
SHA256

4d0b1acb70b620853c9b42b954eb7b7176f5e268fc9bc4b2639a309f7a4417ce
SHA512

5cae32ab6340baeedb76ae5ce6b70b647893ae5a052272db5994a50ff325fb8b9dc9e3745f49b3ebacc9ae91c968b26834b2f29208b2265d434dcd82cabd8964
SSDEEP

3145728:rd3NggXs1bvaJJswsIfZX1reXIx6PhAgSUnSMJW9HAHKtYYrhv7JdJHCXKU+Pcn1:rd3JXs1b7wFfr5xQSMQ9gHKtzRN/4fjp

Score

10^/10

egregor persistence ransomware

Malware Config

Targets

- Target
  
  FoneTool_setup.exe
- Size
  
  181.2MB
- MD5
  
  bacde97b524dfea3f7651d79ff9c6cb5
- SHA1
  
  3729876fc38bd07a49a578c41a52af2101683fc5
- SHA256
  
  4d0b1acb70b620853c9b42b954eb7b7176f5e268fc9bc4b2639a309f7a4417ce
- SHA512
  
  5cae32ab6340baeedb76ae5ce6b70b647893ae5a052272db5994a50ff325fb8b9dc9e3745f49b3ebacc9ae91c968b26834b2f29208b2265d434dcd82cabd8964
- SSDEEP
  
  3145728:rd3NggXs1bvaJJswsIfZX1reXIx6PhAgSUnSMJW9HAHKtYYrhv7JdJHCXKU+Pcn1:rd3JXs1b7wFfr5xQSMQ9gHKtzRN/4fjp
Score

10^/10

egregor persistence ransomware
- Detected Egregor ransomware
- Egregor Ransomware
  Variant of the Sekhmet ransomware first seen in September 2020.
  ransomware egregor
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

egregorpersistenceransomware