egregor | 11ab83f539594d106f32524d1fda608cd30002d49ae0e28f8a820af8ca94ffac | Triage

Submit
Reports

Overview

overview

Static

static

1

PulseSecure.x64.msi

windows7-x64

PulseSecure.x64.msi

windows10-2004-x64

6

Resubmissions

25-03-2024 14:16

240325-rllacsad98 10

25-03-2024 14:13

240325-rjc6zaad46 10

Sharing

General

Target

PulseSecure.x64.msi
Size

33.4MB
Sample

240325-rjc6zaad46
MD5

f964f4407a704040a3896ae03bc400b2
SHA1

d02f8d469112f2a4ce22239477e56fb5baf238b3
SHA256

11ab83f539594d106f32524d1fda608cd30002d49ae0e28f8a820af8ca94ffac
SHA512

7b661b7df6fccfc911349f5b466bfac473a40a7c52940b261427b2a41e02b99a070a46f11260a589c590caacb0774e1b46898e61de2aa22793ed203cbc5e6f69
SSDEEP

786432:8h4lrFK8ec0LrBhhRxqpxPnoMZ1za8El9JbWhH:8h4HK8e/RxqpxP1jvR

Score

10^/10

egregor discovery persistence ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PulseSecure.x64.msi

Resource

win7-20231129-en

egregor discovery persistence ransomware

windows7-x64

27 signatures

300 seconds

Behavioral task

behavioral2

Sample

PulseSecure.x64.msi

Resource

win10v2004-20240226-en

windows10-2004-x64

4 signatures

300 seconds

Malware Config

Targets

- Target
  
  PulseSecure.x64.msi
- Size
  
  33.4MB
- MD5
  
  f964f4407a704040a3896ae03bc400b2
- SHA1
  
  d02f8d469112f2a4ce22239477e56fb5baf238b3
- SHA256
  
  11ab83f539594d106f32524d1fda608cd30002d49ae0e28f8a820af8ca94ffac
- SHA512
  
  7b661b7df6fccfc911349f5b466bfac473a40a7c52940b261427b2a41e02b99a070a46f11260a589c590caacb0774e1b46898e61de2aa22793ed203cbc5e6f69
- SSDEEP
  
  786432:8h4lrFK8ec0LrBhhRxqpxPnoMZ1za8El9JbWhH:8h4HK8e/RxqpxP1jvR
Score

10^/10

egregor discovery persistence ransomware
- Detected Egregor ransomware
- Egregor Ransomware
  Variant of the Sekhmet ransomware first seen in September 2020.
  ransomware egregor
- Drops file in Drivers directory
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

egregordiscoverypersistenceransomware

behavioral2

© 2018-2024

Terms | Privacy