General
-
Target
2024-07-29_745c05bb7d78133a8b0fd74ac6526cfb_phobos
-
Size
50KB
-
Sample
240729-h7l94sserc
-
MD5
745c05bb7d78133a8b0fd74ac6526cfb
-
SHA1
a3b9060cd2677228478e1401cd35a6fbe6de01b7
-
SHA256
6b8a013b0f6223aa5984034cd7ea60a968860255658313386969bd5d15b6139b
-
SHA512
840800e9614d9cd7875c2d398d3a32f87fcfcb4a38feaa67cdf75b7383fe3cb6daf2e93deab67b10ffee02b83c5b6ab6da991dabfbb335ba427f06c61d3afb09
-
SSDEEP
768:ZvrNNeRBl5JFTXqwXrkgrn/9/HiDKGwRj4RcTdyH4pYT3nPKVU1Er4bkCnrS3:jNeRBl5PT/rx1mzwRMSTdLpJr4bk6g
Malware Config
Targets
-
-
Target
2024-07-29_745c05bb7d78133a8b0fd74ac6526cfb_phobos
-
Size
50KB
-
MD5
745c05bb7d78133a8b0fd74ac6526cfb
-
SHA1
a3b9060cd2677228478e1401cd35a6fbe6de01b7
-
SHA256
6b8a013b0f6223aa5984034cd7ea60a968860255658313386969bd5d15b6139b
-
SHA512
840800e9614d9cd7875c2d398d3a32f87fcfcb4a38feaa67cdf75b7383fe3cb6daf2e93deab67b10ffee02b83c5b6ab6da991dabfbb335ba427f06c61d3afb09
-
SSDEEP
768:ZvrNNeRBl5JFTXqwXrkgrn/9/HiDKGwRj4RcTdyH4pYT3nPKVU1Er4bkCnrS3:jNeRBl5PT/rx1mzwRMSTdLpJr4bk6g
Score10/10-
Phobos
Phobos ransomware appeared at the beginning of 2019.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Renames multiple (284) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Modifies Windows Firewall
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1