General
-
Target
176-Phobos.zip
-
Size
39KB
-
Sample
240723-jn6p3swclr
-
MD5
fd04e1ab2bacdd5baedaf6242fb79e41
-
SHA1
c73ff7888457c98a8d775c96035e6bc259c1d747
-
SHA256
9090b682c6219cb43f01d5b3342356ae85685992fac80e5e08667b54439932ea
-
SHA512
58cf5cb8653281581cb3d7c68cabc1e2962b9314af63328f3ccdf45385c29292eec2d533ed2daa9ec7957f23202756e3ff35a367596c777a8868b98e75eccfa1
-
SSDEEP
768:4+SW2AEywpVJU/61jKxYp6vlvybVtA0sUhTvhwKR59Fpel9j4dkpG/:dF2ppVJJ2mg0sUhTmqjFpS9cdk0/
Static task
static1
Behavioral task
behavioral1
Sample
43f846c12c24a078ebe33f71e8ea3b4f75107aeb275e2c3cd9dc61617c9757fc.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
43f846c12c24a078ebe33f71e8ea3b4f75107aeb275e2c3cd9dc61617c9757fc.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
43f846c12c24a078ebe33f71e8ea3b4f75107aeb275e2c3cd9dc61617c9757fc
-
Size
55KB
-
MD5
4e93c194b641d9b849f270531ec14d20
-
SHA1
8b5a21254a0c10e3ca2570eeba490755197b544e
-
SHA256
43f846c12c24a078ebe33f71e8ea3b4f75107aeb275e2c3cd9dc61617c9757fc
-
SHA512
0c6dba53321b00a7b17bde84598de18cad9ecdae1a36209b6f13a99df96abe86987c2cbef132c6bc0ce80de75b4ad15351abd8c0c8e5c83bc17bb4f64713f2ec
-
SSDEEP
1536:YNeRBl5PT/rx1mzwRMSTdLpJZtqoQOcO:YQRrmzwR5JAOF
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Renames multiple (63) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Direct Volume Access
1Impair Defenses
1Disable or Modify System Firewall
1Indicator Removal
3File Deletion
3Modify Registry
1