General
Target: AOMEI FoneBackup.zip
Size: 1.6MB
Sample: 241224-b6nyzsyjev
MD5: d1808cd3253ae134121f185983e01fde
SHA1: e8b0b82b947a39f5be5bead15160a210295bb8ad
SHA256: b3cecae5cc4b1093b004f2ce0bffa048f8076ee1c57ad7b142d0e76ded9b0a24
SHA512: abc768cc788b71a43963032dc2ea91069a85cade55cbe4da9b7096344349f8afb2d611797194541fd8443e2aca9126e87663cdf42bee2488a7b29fc111fe37e5
SSDEEP: 49152:t6xmIXu/HEAhWgl1h8ettul7VtQ1jj6jejX1eJJ3Rq:t6sPHEAhWgl1yett+7HQ1jj8Yler3Q
Behavioral task: behavioral1
Sample: AOMEI FoneBackup/FoneBackupSetup_installer.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: AOMEI FoneBackup/FoneBackupSetup_installer.exe
Resource: win10v2004-20241007-en
Malware Config

Targets
Target: AOMEI FoneBackup/FoneBackupSetup_installer.exe
Size: 1.9MB
MD5: b909e74fadec9c95f37e67e03fc2353b
SHA1: 5109c8ae9f663b6dfdc3bd6499cf51142195703c
SHA256: dba0f608b96363fab6d5e02f814d223fe8f518d9eb51d2feec38582df2554384
SHA512: 3c9cc9930163168a95435e3800135bb66a6b701615dc6cda1cf86cfb5a18621307dba1387aa76c9b6e74d531e5890086f2c77a0e289f51112c29adf41d796f42
SSDEEP: 49152:MgQqq8B6xO5um29MK4Ry7hBPKJMKtnqvWrlN:MJ8B6xOk546PM3nqvsH
- Detected Egregor ransomware
- Egregor family
- Adds Run key to start application
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)