Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

• • Target

    067f997e6fe9eac1a47d9a54d6dd22414721ad895e6352714a11779de8d66540.exe

  • Size

    24KB

  • MD5

    3aea97ef58d132d994d6160ae232c6e7

  • SHA1

    de2146322b6a533ccf5ace0f1edcb6cf92d34179

  • SHA256

    067f997e6fe9eac1a47d9a54d6dd22414721ad895e6352714a11779de8d66540

  • SHA512

    a48d3ab7b7e35d1f24f1319831ffdc1c2dc9f4ededa0007684ff2515edf39e727915eafc124fa752082b0e1534ddf37a2ed12be18d9aadc72391b57cf5b6f9c4

  • SSDEEP

    384:Y3Mg/bqo2CUTermpEdwdcJAr91Ci7IJvOe2:mqo2Yrmpfd0Ar9xame2

  Score

  10^/10

  chaosevasionransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Renames multiple (191) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  behavioral1

• • Target

    0c0c9a19db1f89d94ddcd8af54fa631798e3ccc82743faae6d9818759f2dbcc1.exe

  • Size

    97KB

  • MD5

    8881f3e50b9f1bcb315769e24b76a3cc

  • SHA1

    f6f21445663a197b8f88a7a2fdbc4cbe2bf3be51

  • SHA256

    0c0c9a19db1f89d94ddcd8af54fa631798e3ccc82743faae6d9818759f2dbcc1

  • SHA512

    dde4d848499dd0eb92982358ad2990a82c22e2c1738a0387ca03dfadfd602b9fe429570815acf648aebc11e5337b1bc44b77e58f4aabd2f9ca5be88f6a34111b

  • SSDEEP

    1536:JxqjQ+P04wsmJCf5HqwoOFcqZNeRBl5PT/rx1mzwRMSTdLpJ1M:sr85CfxbtcSQRrmzwR5JS

  Score

  10^/10

  neshtaphobosevasionpersistenceransomwarespywarestealer

  • Detect Neshta payload

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta

  • Phobos

    Phobos ransomware appeared at the beginning of 2019.

    ransomwarephobos

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Renames multiple (317) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Modifies Windows Firewall

    evasion

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies system executable filetype association

    persistence

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  behavioral2

• • Target

    1a8f35d0f2b1a11a5b30e6f05ee5c9e93542fc2f559f8e66cf67f2a1b6ccbeb9.exe

  • Size

    92KB

  • MD5

    a23219bddf6b154ca2f5afa89cb2b0c3

  • SHA1

    0d63eb57023770b53b6b31f669a03bbdb7a2465b

  • SHA256

    1a8f35d0f2b1a11a5b30e6f05ee5c9e93542fc2f559f8e66cf67f2a1b6ccbeb9

  • SHA512

    65583cfa9c2d77330e15a5bfce430831b53bf1b018757fa8778618bef44b87b15d20a9bbcd80a1526bb6c582df3b8ff55f0cc7b002c4a1655c3f1ace01d54172

  • SSDEEP

    1536:tBwl+KXpsqN5vlwWYyhY9S4AYgfEHB0tRYn+9jsGGqbg8IIvoBec5wOmh:Hw+asqN5aW/hLmDHyt0KaIvogn

  Score

  1^/10
  behavioral3

• • Target

    2354403f00f096f700e5616ed1a5ccd40fe53a1bb35a5e93e429f5f24fa4483b.exe

  • Size

    92KB

  • MD5

    16cd194650559b6d6772f58141ddc942

  • SHA1

    2d297e642b1707dba55df3cf5cebbf1ca89b677e

  • SHA256

    2354403f00f096f700e5616ed1a5ccd40fe53a1bb35a5e93e429f5f24fa4483b

  • SHA512

    6ae7a2a9923b0f147b7b4fcfd20b81bc931f3c9fe3ea0052b1ace3e9614bd8b194b3d436c7034817423b446a20bd85f4c1256f32f51a1bb23b89c4038f2b5fa5

  • SSDEEP

    1536:tBwl+KXpsqN5vlwWYyhY9S4Azgoa1M//fj2n4mc4SSo9R6ZaNESSP:Hw+asqN5aW/hLXa1MHfj24mbFWRH

  Score

  1^/10
  behavioral4

• • Target

    240ac12f9c13ef1fdfbc77e16978f0423a41a3cc1c3dcb8786ba8e7672811f0b.exe

  • Size

    24KB

  • MD5

    63d533fb228e802c9c774ef75ff043fa

  • SHA1

    16515f05ed0ae98bcbd3de8290704b516bc58080

  • SHA256

    240ac12f9c13ef1fdfbc77e16978f0423a41a3cc1c3dcb8786ba8e7672811f0b

  • SHA512

    9f428e10f018e1e65dc17b65937505a30932a74285aa23df4a8e875ba47ec60510cfa693a7d44e8ec81c6e25aa91c4a462b67902b0fe0190641d5b149d9ff4b1

  • SSDEEP

    384:F3MLWHn3kIcuOxPRe2zpOUsB6vSkaJZAr91Cz+mLRsOeN:1n3kIcPfpbear9i+BOeN

  Score

  10^/10

  chaosevasionransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  behavioral5

• • Target

    276727bfacdeba0ba864fd6ccecab5fd0f244576dc503d7cf148a4deb90fc136.exe

  • Size

    92KB

  • MD5

    58402f0f41e3bfecbea9ca1bcc0f0c2b

  • SHA1

    0a2b11df94790e1121c17e350eb846a236e0fbcf

  • SHA256

    276727bfacdeba0ba864fd6ccecab5fd0f244576dc503d7cf148a4deb90fc136

  • SHA512

    8155d0a3364ea067260ba9ad432e126b1da33a2c4c1c5f585112851c5765363cd6cc426263ef430b559e9b35eea938e19bf7cc2e50e6a6c356bba030664f9123

  • SSDEEP

    1536:mBwl+KXpsqN5vlwWYyhY9S4ALTroZbj0zTzn5W9qN9PI1fFznJGf0yG:Qw+asqN5aW/hLlTroZUzTz5W9qrI1JIH

  Score

  10^/10

  dharmapersistenceransomwarespywarestealer

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Renames multiple (317) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  behavioral6

• • Target

    280a75ca5ca5dc8e106f6f6e2005fe3e23b6c35e296d5639b00b5b6daba8c38e.exe

  • Size

    40KB

  • MD5

    deb90cbd18c233c18803a38db5799a52

  • SHA1

    bdecb3a9b1e7048fddf645bc5c17f0f8342468b8

  • SHA256

    280a75ca5ca5dc8e106f6f6e2005fe3e23b6c35e296d5639b00b5b6daba8c38e

  • SHA512

    bf0d637d15dde553654b7384bd3458ce12e7a4a9e8fa37c68808538655cdc7d57ef490474adcc2fbc910946710841b4e8a013d254b15ce96c8b73ddbce291211

  • SSDEEP

    384:febFNw4Pk1itKkpAjj/3nrI9oRg1qYvjSfkDCgScjUZhGXq8VMBAciu:f0FmBkpKjPMXcY73DCsjSG2Ni

  Score

  1^/10
  behavioral7

• • Target

    2e8af1ad4bb1e9f1bfdd3a04bf28363bbcdb3653e6aa4864f61b09c050378d51.exe

  • Size

    31KB

  • MD5

    3fdd9b2402350844b482aa6076e18d22

  • SHA1

    81034b4deb144ecdf21cb213e455a84ea319812c

  • SHA256

    2e8af1ad4bb1e9f1bfdd3a04bf28363bbcdb3653e6aa4864f61b09c050378d51

  • SHA512

    cedd5b9899cac6cce702c011ea7b9168ede0fe3e83a9ccd20f4e42f726c9b0a78ada6bf8b6863aeafc14d62500af8e347c4627b69233f96a2ae4df02c21549a4

  • SSDEEP

    384:y3Mg/bqo284ujNI2pl6VwTwJrjr91CzJ8lC12ntnGeC:Iqo27uj+2pIw4rjr9kJ8lCEtGeC

  Score

  10^/10

  chaosevasionransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Renames multiple (205) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Sets desktop wallpaper using registry

    ransomware
  behavioral8

• • Target

    32c51906c182c8c92afbc93cbe674d1b24d855f5f4f0c4c82d076691cce4c7ec.exe

  • Size

    92KB

  • MD5

    b94b59ce09ac8e8be119a4c4b7fdaab6

  • SHA1

    228b0dd92b685122f293d7f72b12f61754ce3d74

  • SHA256

    32c51906c182c8c92afbc93cbe674d1b24d855f5f4f0c4c82d076691cce4c7ec

  • SHA512

    7f3167a989cb7a30e139d5a879b0c0bec4345339fdca6c06a07d17ff717bbed7465ac8de1fef134c532edf75dd19ee0ef7bcaa3a2b95200e91de0b1c8d04d26e

  • SSDEEP

    1536:tBwl+KXpsqN5vlwWYyhY9S4Ak5aKqliACD/ZSAqYhF4sUOuy2VedCL:Hw+asqN5aW/hL65ukZzZSRsUOcD

  Score

  1^/10
  behavioral9

• • Target

    3e84def5eeae88ab28d21de08581e68e46fd9a94b5fee35d609d6f73a92a9e96.exe

  • Size

    92KB

  • MD5

    67ce18845fd67549dd470a10662decae

  • SHA1

    e3f3adc21fcd172edba23fac6ad528a6b0bb4daf

  • SHA256

    3e84def5eeae88ab28d21de08581e68e46fd9a94b5fee35d609d6f73a92a9e96

  • SHA512

    8e76952539e212b1930765b22fa4b5c4b9ae1c9bac38b189bc2dbcf7397a3793bbee9e081cafeac8d82bbc5f27ddae2b241e9be1f5eeb4979e1ef70b5eff6800

  • SSDEEP

    1536:tBwl+KXpsqN5vlwWYyhY9S4A6RQmnQHs28YNMA8m0kQED86T:Hw+asqN5aW/hLjJs2HMAwkQe86

  Score

  1^/10
  behavioral10

• • Target

    403b8f1ce98aeb6f4a7cfc23693c5a9799e0239806a4850b4eaad58ab7bedb40.exe

  • Size

    92KB

  • MD5

    8739058c3caec449e8e3b061d6f03206

  • SHA1

    8d92b7b42a57ace6134d325088c5c59577139ca5

  • SHA256

    403b8f1ce98aeb6f4a7cfc23693c5a9799e0239806a4850b4eaad58ab7bedb40

  • SHA512

    e79ea19c63f71643eb29afa3b232d9a53ddda84bec9746e1708d09ab90fb3a10bb1f85c8b7151b2b30e5f9ec421458eacf34cc38253921d62d755b14dce5d4e2

  • SSDEEP

    1536:tBwl+KXpsqN5vlwWYyhY9S4Aeo85hz8I4DvvAGGHMXBZQ3:Hw+asqN5aW/hL/85ZqvvApMXBu

  Score

  1^/10
  behavioral11

• • Target

    4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325.exe

  • Size

    12KB

  • MD5

    784d3d48c9f583292a9928697d7cf87b

  • SHA1

    c6dbd334524d6e6361550995c33a76ad0b6793aa

  • SHA256

    4731758b5f792686547e861c6bd86ccf88ddb63cba6fa6b048a46cfc5f146325

  • SHA512

    ae2a34a08c35dca812812d21dedb2bde3f2153b5e25dff18b866be501630a7705f93a64e428577af7e3588a301f0c9dd309cf79513f4a7bd0b0b5e66edba2e52

  • SSDEEP

    192:S/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMonWNo:SebFNw4Pk1itKkpAjjI2Ypdmo0o

  Score

  9^/10

  persistenceransomwarespywarestealer

  • Renames multiple (2137) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops file in Drivers directory

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  behavioral12

• • Target

    4c21b335baf9907cfaec588f25354b804b3d59f3882d923fbaf0d929b933ef49.exe

  • Size

    92KB

  • MD5

    ee524170a7ffc7ad48afc3a1e7377943

  • SHA1

    c9c8725012fbf7e9651b2e1519eaf17e86a65658

  • SHA256

    4c21b335baf9907cfaec588f25354b804b3d59f3882d923fbaf0d929b933ef49

  • SHA512

    d0efb486382698190e2d95090d04d70282a07315fae162b339d2d935ffabf5c1b22576aaa2ca2fbd5469d21354d097e05d6da5368706aa5e318c90f5a9825d43

  • SSDEEP

    1536:mBwl+KXpsqN5vlwWYyhY9S4AYotGG5Gq5XgH7id4NkzpvjNU4lm:Qw+asqN5aW/hL/GKp5wbk4Nkzphvo

  Score

  10^/10

  dharmapersistenceransomwarespywarestealer

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Renames multiple (230) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  behavioral13

• • Target

    4c99ac9f69cf03b60583b12f94fe442da74178f53030bd2b7703b1d53da6a135.exe

  • Size

    92KB

  • MD5

    71a04ec7f0242ca16b60a08c6d2c77d8

  • SHA1

    cd82760b8a30aecafffb08f37a05510e33362f6b

  • SHA256

    4c99ac9f69cf03b60583b12f94fe442da74178f53030bd2b7703b1d53da6a135

  • SHA512

    c1113d46a8cba899bf9dadc4cefa6ccdd975f7c0dd20aceb24a57de38d91b2beb44789b164bd01db1797c77ebd75d2d993707f87e9b6f89746c024e03f19a72b

  • SSDEEP

    1536:tBwl+KXpsqN5vlwWYyhY9S4ArygRKhD8DtuGgUN9ZmYPzY5ZSwgrsI:Hw+asqN5aW/hL0gRKhD8DtuGgami21ks

  Score

  1^/10
  behavioral14

• • Target

    4fbbd67a32384a485efb0efb9e958a9f7b7a879d3945b16ccf80a8580bd935a7.exe

  • Size

    29KB

  • MD5

    9ca8e64065e6beaad07fc7b472c2617f

  • SHA1

    0f91d62f996b0ec76addca130fb4f3b87e604d0f

  • SHA256

    4fbbd67a32384a485efb0efb9e958a9f7b7a879d3945b16ccf80a8580bd935a7

  • SHA512

    e12b98a8111222f0bc918de5bd24ba2ef018fed28a3c81dd7775055142bd4e7ab29c62bfcde4a7d481caf8050dfb879d9df604d056fd50382015034cd30782f3

  • SSDEEP

    384:BtWZPzzxAm1vwt9IryJS74WtRQ2bqlhlsNpGB0lFOy5o919rWXyw82vO:o7zxAmoIryJS1RQCqCN4uho9DriJ82m

  Score

  10^/10

  chaosransomware

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  behavioral15

• • Target

    622e2834e51caa303d120c7503d8fcce671226a0342d7be0f8cf546b44cee195.exe

  • Size

    92KB

  • MD5

    e096b294d0ed5f42ca68bc41c47ac27a

  • SHA1

    1d5601986887ead48d036f1401330b8c9fd59eeb

  • SHA256

    622e2834e51caa303d120c7503d8fcce671226a0342d7be0f8cf546b44cee195

  • SHA512

    4d8ead3774210c552a0633db886ea1bfd3c13fcd51fd60efe9b7db8f27ff1a5a6ae4394cbcd8ec01b5514492966b118c4647efcea191313e4f1ec3536ba937ba

  • SSDEEP

    1536:mBwl+KXpsqN5vlwWYyhY9S4Ah610ButurulYOGLwf6v7ctk:Qw+asqN5aW/hLnbfSGOGLpv7c+

  Score

  10^/10

  dharmapersistenceransomwarespywarestealer

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Renames multiple (311) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  behavioral16

• • Target

    6734e7474c81f5b7b0c006a17b79f59e3281f45f03910ddeeae2ea05291655fd.exe

  • Size

    92KB

  • MD5

    3ecf963ff8585fd26fc180e3fbfd413a

  • SHA1

    f11d313a67b1b38db4f0164a9d9ea6447f70b28d

  • SHA256

    6734e7474c81f5b7b0c006a17b79f59e3281f45f03910ddeeae2ea05291655fd

  • SHA512

    040c4307285a1543616b4af6094886af4b9410ed2e46f18079312fff0c9e0c69bc6e8c9eebf26bcdf62fb8e9332e93b5dd8f3761a07b975b8320e5b137ae54f2

  • SSDEEP

    1536:tBwl+KXpsqN5vlwWYyhY9S4AaFAFLZYEKox+2yZzOcJwqCsQ:Hw+asqN5aW/hL0FABKa6S

  Score

  1^/10
  behavioral17

• • Target

    67a00565a4c5fc9f08543cb10bfa3858801f87a558e21ad36d514c9bedb10e5d.exe

  • Size

    92KB

  • MD5

    7166d5ba7fae799b13403100dc26648a

  • SHA1

    b917bbab06e5f6ded669a7a1350398f1a233a3c8

  • SHA256

    67a00565a4c5fc9f08543cb10bfa3858801f87a558e21ad36d514c9bedb10e5d

  • SHA512

    1e2e350862e157cbde0549312d800acd7812b93bd3c2574e63eaa34f9a8fb0efbd1914517d3a131c825f18f740837adb01540ef1d59c9561e4268359903bb462

  • SSDEEP

    1536:tBwl+KXpsqN5vlwWYyhY9S4AqXeiKozyHj0vThU2BHYZsX3AZMgLzw4g:Hw+asqN5aW/hLMXeHoYQbhvYZD84

  Score

  1^/10
  behavioral18

• • Target

    6e228df5e458ddcd6a9b5284418b6101cb988315d3910f1b422d511135acd462.exe

  • Size

    92KB

  • MD5

    0e6469ddffd4511d8ea4d2ee5eab4e9d

  • SHA1

    7e2cb399c6623a61c239971ffbdd7fbd9dbf8470

  • SHA256

    6e228df5e458ddcd6a9b5284418b6101cb988315d3910f1b422d511135acd462

  • SHA512

    27de4c89201832b6739006ef17aa820a82842a16c879255a9ece9d75a076b08e12a9cfd323f01dcfa1c9fc88f299b007d5314bb79a81b49e2b6465f2e4788ddf

  • SSDEEP

    1536:tBwl+KXpsqN5vlwWYyhY9S4AjKUDX/oCPj2oKKH4JxirQL74mQ2C:Hw+asqN5aW/hLloGokrQI72C

  Score

  1^/10
  behavioral19

• • Target

    7b93299c4559e89716a9b37f4a43c1b084c610ad1d9d8e462a1383320e299503.exe

  • Size

    92KB

  • MD5

    35428935f5bdc42cd696f1fe9641891a

  • SHA1

    030f19364f83bf97c8a3761e217d818a1d789b28

  • SHA256

    7b93299c4559e89716a9b37f4a43c1b084c610ad1d9d8e462a1383320e299503

  • SHA512

    a368c6c3fe5ed55bff8465d8f3237124912e768cb3e3d2760e9e442141a60966eefbf9a992f170881cee66e282f4f7d48909c66a9836dee151f29f7f53613dc0

  • SSDEEP

    1536:tBwl+KXpsqN5vlwWYyhY9S4AaL1jUTvZo9rka35/jRfpa76v+RkUJ:Hw+asqN5aW/hLSUTho9rv31jzW6vnw

  Score

  1^/10
  behavioral20

• • Target

    7c2a9bae3bbdc9e38516754d76a192d6a3ce37849c06a8a8d3b06fb7f75916c1.exe

  • Size

    56KB

  • MD5

    e3d064afc3476b131db81cd483a5c87a

  • SHA1

    600fc81eddb1a44ae97e9565cab9d22363dd3711

  • SHA256

    7c2a9bae3bbdc9e38516754d76a192d6a3ce37849c06a8a8d3b06fb7f75916c1

  • SHA512

    76b9dd263f9daa1ae9abb01eb8ab78f4871d49c8a4474138fee45ce791faf760608fb7f2817aae4e031c81b1563167ba3cb0efce3d25c97ac9b1bf6e79a43874

  • SSDEEP

    1536:eNeRBl5PT/rx1mzwRMSTdLpJ1/4aE2i9hfVxOD+H:eQRrmzwR5JV/E2G5VYD+H

  Score

  10^/10

  phobosevasionpersistenceransomwarespywarestealer

  • Phobos

    Phobos ransomware appeared at the beginning of 2019.

    ransomwarephobos

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Renames multiple (315) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Modifies Windows Firewall

    evasion

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  behavioral21

• • Target

    7d9c97a133997396b0625a5d2b762fb8b333f5152d4dd893c7a463cc41372ab5.exe

  • Size

    56KB

  • MD5

    891671a3dbedc9f31325acd29ec912bf

  • SHA1

    9d0f4cb30fdf9cf55948306190e3f71a72cff9f0

  • SHA256

    7d9c97a133997396b0625a5d2b762fb8b333f5152d4dd893c7a463cc41372ab5

  • SHA512

    014488fad8ecfa5dd583d14e7084f4c9f6eb180aa3f06157546467f6b545a849a90afb04eff0f20cc7d11d1a04986e260ddcf6d97a09ab7798022640706fc6ee

  • SSDEEP

    1536:CNeRBl5PT/rx1mzwRMSTdLpJ/VeHOR8ZJ+EJ:CQRrmzwR5JdeHG8ZJVJ

  Score

  10^/10

  phobosevasionpersistenceransomwarespywarestealer

  • Phobos

    Phobos ransomware appeared at the beginning of 2019.

    ransomwarephobos

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Renames multiple (307) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Modifies Windows Firewall

    evasion

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  behavioral22

• • Target

    83b294975e094024bdeb90f5cdeb9832304cf6879a27eee5cfe08650e5731674.exe

  • Size

    92KB

  • MD5

    f0584531c7e28b1f8b3b9cdab6e22faf

  • SHA1

    d6d1628c3154be80499c3d23d981db32438c4028

  • SHA256

    83b294975e094024bdeb90f5cdeb9832304cf6879a27eee5cfe08650e5731674

  • SHA512

    04d23952ade7e5a6ec4b9b79e37dcd39795864852a5a10c7d02359918014cc8f332286a990a30222b230e66d7bd6d9675b0f43d7d3b655954e077d8fa097b056

  • SSDEEP

    1536:tBwl+KXpsqN5vlwWYyhY9S4A3KOO3guHp0caS0nlTjuSHGOVCJyk/:Hw+asqN5aW/hLYb0HXTjuSHGxJy6

  Score

  1^/10
  behavioral23

• • Target

    9b0cfabed9fbf6b05c74e5a31eb500fea0691c84fa736dd25e8e5013a35f038e.exe

  • Size

    27KB

  • MD5

    cc4c6842f8a31ee3ac6477b42d34acba

  • SHA1

    ce6e9918189e9187143e0e012356bec98988c035

  • SHA256

    9b0cfabed9fbf6b05c74e5a31eb500fea0691c84fa736dd25e8e5013a35f038e

  • SHA512

    25b31b5065d3a625ce11d922cdcc6293c021aaf3ebd9460b5fd317e548c5cf6e6a173ec0062cb129b0f1f9262d6403bd585f697aca71aff86d7c577cfe6ddf93

  • SSDEEP

    384:atWZPzzxAm1vp5Z+HxbEWx0OeuBbIzlXOy5o91Sk5n82vt:f7zxAmpwb70Oeu1who91h82V

  Score

  10^/10

  chaospersistenceransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  behavioral24

• • Target

    aa63528bf720d3f9b31e91945a576afa4c609a09c07b3bbfc29351d760a71ccd.exe

  • Size

    92KB

  • MD5

    3fdb650cb7d17cc8c639d44ee11ee91b

  • SHA1

    bb0da74121cacfc68ea590b1e9a1603e094363d6

  • SHA256

    aa63528bf720d3f9b31e91945a576afa4c609a09c07b3bbfc29351d760a71ccd

  • SHA512

    6e01f0e776895c82b67c17409595130a5da3b838b8b26f29403a0a1bde435efa48f26d37ea01828689e4815820dcddba26c9d7c2b6e916cf6c96a2ffb6ba21ca

  • SSDEEP

    1536:tBwl+KXpsqN5vlwWYyhY9S4Af5yoswkqcXI/33TyUcIXzmfq:Hw+asqN5aW/hLl5y3d9XoD5vDK

  Score

  1^/10
  behavioral25

• • Target

    b54d6dc708eade0818fcf91e59c7dbe37267abbe43a1672fb5f1c126e021ad7d.exe

  • Size

    56KB

  • MD5

    dc09c3148ba09028fe0a43efd287917b

  • SHA1

    fea5a0668ddd1a7278c934276c2efada3ee2287a

  • SHA256

    b54d6dc708eade0818fcf91e59c7dbe37267abbe43a1672fb5f1c126e021ad7d

  • SHA512

    ee411ef051eb03bdb1f9bbddda987ec08bc80ab0c431b78abb52926794530db29e4a01ccbb325c15225d530e579b8f5678a948a378ebf70e8aa071d528505c36

  • SSDEEP

    1536:sNeRBl5PT/rx1mzwRMSTdLpJjYizrtZF:sQRrmzwR5J9zrZ

  Score

  10^/10

  phobosevasionpersistenceransomwarespywarestealer

  • Phobos

    Phobos ransomware appeared at the beginning of 2019.

    ransomwarephobos

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Renames multiple (312) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Modifies Windows Firewall

    evasion

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  behavioral26

• • Target

    b6b2c1f4bbe4259e0279a0c3db98a69db12ab6ae0b549085c714f1497f3c8300.exe

  • Size

    92KB

  • MD5

    be47139183c40fceb264c6946627b93f

  • SHA1

    06f645d6afc2f909dbdf61c0982dcd74126bc5f5

  • SHA256

    b6b2c1f4bbe4259e0279a0c3db98a69db12ab6ae0b549085c714f1497f3c8300

  • SHA512

    eebd19694a2ac660c89ad2b323c7b871deaa3099065c8298d5135b3ce1bb56d751cb049b55099ffe78c54eb2a00561970dfdd184dde950534433b26c47696a73

  • SSDEEP

    1536:mBwl+KXpsqN5vlwWYyhY9S4AeAI3cCVuogqtNp6XNUS7fvUHkd:Qw+asqN5aW/hLdIseKqtneN7X0M

  Score

  10^/10

  dharmapersistenceransomwarespywarestealer

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Renames multiple (279) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  behavioral27

• • Target

    ba43b2eb4865f24c9e04bdd6cd885202267e831ef797df32eb602dd91ff36ffb.exe

  • Size

    38KB

  • MD5

    ee53f13814a90ccdbb478e9724fbbf5d

  • SHA1

    bc5e16aa82cbf97d305be67d51de9b77973c774b

  • SHA256

    ba43b2eb4865f24c9e04bdd6cd885202267e831ef797df32eb602dd91ff36ffb

  • SHA512

    f03338e82225d40516951dddee542fde124f8da2eb3b7966c06112e6e671a3a2709e0aae17974649166f784cead3273e78296ec952b49f7226312f4b4a9c697a

  • SSDEEP

    384:bebFNw4Pk1itKkpAjj/3nr5QZqYvjS3kDCgSfncvesMBAciu:b0FmBkpKjPS4Y7fDCfcvINi

  Score

  1^/10
  behavioral28

• • Target

    cc43fc18d6d1dc662ad747652cd961152ee13dbf2cea9bf75564f3e2e8ffd2e8.exe

  • Size

    56KB

  • MD5

    6c8a41af3344dc63c4a21990f11b4e96

  • SHA1

    0cf67235a9a94f016dfd2d0b0416415f38502a6d

  • SHA256

    cc43fc18d6d1dc662ad747652cd961152ee13dbf2cea9bf75564f3e2e8ffd2e8

  • SHA512

    bd15674b2a89957b2735a2860fc211c99e494da32a46e913cf9c2d4e9e71131cd7d2894b6fa968825f8f2418d2b9427f8422e8fb498b0c83216e8436f01f9690

  • SSDEEP

    1536:3NeRBl5PT/rx1mzwRMSTdLpJdfeYm+L8i1NNw:3QRrmzwR5JXJL1D

  Score

  10^/10

  phobosevasionpersistenceransomwarespywarestealer

  • Phobos

    Phobos ransomware appeared at the beginning of 2019.

    ransomwarephobos

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Renames multiple (306) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Modifies Windows Firewall

    evasion

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  behavioral29

• • Target

    d50b23e12c661bb78fa3cb317e679fabc4178600048572368bec173a520e4aaf.exe

  • Size

    55KB

  • MD5

    498ee5cf9c611ba7ed2379414d0bb010

  • SHA1

    c4f779d08633a53e7a03c702eafbe3314055aa18

  • SHA256

    d50b23e12c661bb78fa3cb317e679fabc4178600048572368bec173a520e4aaf

  • SHA512

    8dad911c0b59485dafd6ddcf879774016f8d63690085d4840e422b44735e82140ad177e9e7663b6cc474214461693219142b55e93fd853a593925752fbaa2761

  • SSDEEP

    1536:KNeRBl5PT/rx1mzwRMSTdLpJYXRBawzpK:KQRrmzwR5J4e

  Score

  10^/10

  phobosevasionpersistenceransomwarespywarestealer

  • Phobos

    Phobos ransomware appeared at the beginning of 2019.

    ransomwarephobos

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Renames multiple (68) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Modifies Windows Firewall

    evasion

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  behavioral30

• • Target

    ebb17d81ffb02c01b4f49c7267246f243272ca2aecda68a44e89a33f74a47a0f.exe

  • Size

    92KB

  • MD5

    b55a6a785c1fab2b52afc9656c639e02

  • SHA1

    b2edddd040d4071666679c6be75f916f4982f1e2

  • SHA256

    ebb17d81ffb02c01b4f49c7267246f243272ca2aecda68a44e89a33f74a47a0f

  • SHA512

    ee5dab0188e94af221ecea3b41962f86ff6be87930cccf5370e7434f33e8302956396f517a5dda9cc9afa7d64638b3399777d55561859c255e3c9812de21a60b

  • SSDEEP

    1536:tBwl+KXpsqN5vlwWYyhY9S4A7I1cRtMoKAk0izr4tXyjvb/GSA:Hw+asqN5aW/hLZjEn0rloG

  Score

  1^/10
  behavioral31

• • Target

    ec09cfa4a79d709daed859d1a0e131aaa994f4a7b4bed80406125db76446fbda.exe

  • Size

    23KB

  • MD5

    71d9e6ee26d46c4dbb3d8e6df19dda7d

  • SHA1

    a88176cdd3df153349104442eac4e2d1c416e457

  • SHA256

    ec09cfa4a79d709daed859d1a0e131aaa994f4a7b4bed80406125db76446fbda

  • SHA512

    d6a61d6d32bf636bec7948323a422116b359dadf78e55327633ad5c3de41e6c15dcadd27a8c53453ef14dd63184c22dee82420b99338f5cc7359e9f6ec50cca7

  • SSDEEP

    384:eebFNw4Pk1itKkpAjjI2Ypdm/nYi/8lhRea16Wv88oyLOixGqKWW0o:e0FmBkpKjPYpudR4v8x3iAE

  Score

  10^/10

  persistenceransomware

  • Renames multiple (1943) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  behavioral32