General

Target: 2024-07-04_59c8cb742a11df36c95c368a3f254113_phobos
Size: 55KB
Sample: 240704-g5wv4aycmp
MD5: 59c8cb742a11df36c95c368a3f254113
SHA1: 7a9ac8f22d2178b5f2ef117e784f106e641d86c4
SHA256: 1abef22287ce3d4f8cf5a682532152813722677114b6c8e5f0a3db92fc45861a
SHA512: b05c01ca798176a06994df8accd91b88a4e830d1445a794039a8b75bc3a673cc7c68340796fc2cd8d6a90c1ff612e7c66f2b10301cd4e67457309fa4cbad62cc
SSDEEP: 1536:ZNeRBl5PT/rx1mzwRMSTdLpJhONDqRhuZaa:ZQRrmzwR5JKDcuZ
Static task: static1

Behavioral task: behavioral1
  Sample: 2024-07-04_59c8cb742a11df36c95c368a3f254113_phobos.exe
  Resource: win7-20240419-en

Behavioral task: behavioral2
  Sample: 2024-07-04_59c8cb742a11df36c95c368a3f254113_phobos.exe
  Resource: win10v2004-20240508-en

Malware Config

Extracted: C:\info.hta
Extracted: C:\info.hta
Targets

Target: 2024-07-04_59c8cb742a11df36c95c368a3f254113_phobos
Size: 55KB
MD5: 59c8cb742a11df36c95c368a3f254113
SHA1: 7a9ac8f22d2178b5f2ef117e784f106e641d86c4
SHA256: 1abef22287ce3d4f8cf5a682532152813722677114b6c8e5f0a3db92fc45861a
SHA512: b05c01ca798176a06994df8accd91b88a4e830d1445a794039a8b75bc3a673cc7c68340796fc2cd8d6a90c1ff612e7c66f2b10301cd4e67457309fa4cbad62cc
SSDEEP: 1536:ZNeRBl5PT/rx1mzwRMSTdLpJhONDqRhuZaa:ZQRrmzwR5JKDcuZ

Signatures

- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
- Modifies boot configuration data using bcdedit
- Renames multiple (318) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- Modifies Windows Firewall
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)

Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)

Defense Evasion
  Indicator Removal (3)
    File Deletion (3)
  Impair Defenses (1)
    Disable or Modify System Firewall (1)
  Modify Registry (2)
  Direct Volume Access (1)