Overview

overview

10

Static

static

1

PulseSecure.x64.msi

windows7-x64

10

PulseSecure.x64.msi

windows10-2004-x64

6

Resubmissions

25-03-2024 14:16

240325-rllacsad98 10

25-03-2024 14:13

240325-rjc6zaad46 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PulseSecure.x64.msi

  • Size

    33.4MB

  • Sample

    240325-rjc6zaad46

  • MD5

    f964f4407a704040a3896ae03bc400b2

  • SHA1

    d02f8d469112f2a4ce22239477e56fb5baf238b3

  • SHA256

    11ab83f539594d106f32524d1fda608cd30002d49ae0e28f8a820af8ca94ffac

  • SHA512

    7b661b7df6fccfc911349f5b466bfac473a40a7c52940b261427b2a41e02b99a070a46f11260a589c590caacb0774e1b46898e61de2aa22793ed203cbc5e6f69

  • SSDEEP

    786432:8h4lrFK8ec0LrBhhRxqpxPnoMZ1za8El9JbWhH:8h4HK8e/RxqpxP1jvR

Score
10/10
egregordiscoverypersistenceransomware

Malware Config

Targets

    • Target

      PulseSecure.x64.msi

    • Size

      33.4MB

    • MD5

      f964f4407a704040a3896ae03bc400b2

    • SHA1

      d02f8d469112f2a4ce22239477e56fb5baf238b3

    • SHA256

      11ab83f539594d106f32524d1fda608cd30002d49ae0e28f8a820af8ca94ffac

    • SHA512

      7b661b7df6fccfc911349f5b466bfac473a40a7c52940b261427b2a41e02b99a070a46f11260a589c590caacb0774e1b46898e61de2aa22793ed203cbc5e6f69

    • SSDEEP

      786432:8h4lrFK8ec0LrBhhRxqpxPnoMZ1za8El9JbWhH:8h4HK8e/RxqpxP1jvR

    Score
    10/10
    egregordiscoverypersistenceransomware

    • Detected Egregor ransomware

    • Egregor Ransomware

      Variant of the Sekhmet ransomware first seen in September 2020.

      ransomwareegregor

    • Drops file in Drivers directory

    • Modifies file permissions

      discovery

    • Adds Run key to start application

      persistence

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks