General
Target: PulseSecure.x64.msi
Size: 33.4MB
Sample: 240325-rllacsad98
MD5: f964f4407a704040a3896ae03bc400b2
SHA1: d02f8d469112f2a4ce22239477e56fb5baf238b3
SHA256: 11ab83f539594d106f32524d1fda608cd30002d49ae0e28f8a820af8ca94ffac
SHA512: 7b661b7df6fccfc911349f5b466bfac473a40a7c52940b261427b2a41e02b99a070a46f11260a589c590caacb0774e1b46898e61de2aa22793ed203cbc5e6f69
SSDEEP: 786432:8h4lrFK8ec0LrBhhRxqpxPnoMZ1za8El9JbWhH:8h4HK8e/RxqpxP1jvR
Static task: static1
Behavioral task: behavioral1
Sample: PulseSecure.x64.msi
Resource: win11-20240221-en
Malware Config
Targets
Target: PulseSecure.x64.msi
Score: 10/10
- Detected Egregor ransomware
- Drops file in Drivers directory
- Modifies file permissions
- Adds Run key to start application
- Blocklisted process makes network request
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory