Overview

overview

10

Static

static

1

emotet-sto....4.exe

windows7-x64

10

emotet-sto....4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    92s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-01-2025 07:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    emotet-stopper-v1.4.exe

  • Size

    293KB

  • MD5

    ee81815d74cc3d07deeb6776dae9f0da

  • SHA1

    1268e0b6dc3c60b03ea436f0783812ec4f85b8a0

  • SHA256

    4b3409b3ca48f1eda3db0bcc76b904d0922d9321b19d3e77580b58f01943afa6

  • SHA512

    a25d8da3a8f50a868e4fd3d901cd7adb108ae6de755a149e38cd6353625a95ce5f84c7ab3a63ead7685c67459bcc677f4c06c8887888092cfc471608e82675db

  • SSDEEP

    6144:QUp0VQJElM+hny4rAOhZzIRF2jmHA5EGyCQjjAOEF8Xw7pPKW:QXSJIThd8OzzIRcWTCQXKFf7pPKW

Score
10/10
phobosdiscoveryransomware

Malware Config

Signatures

  • Phobos

    Phobos ransomware appeared at the beginning of 2019.

    ransomwarephobos
  • Phobos family
    phobos
  • Windows Defender anti-emulation file check 1 TTPs 1 IoCs

    Defender's emulator always creates certain fake files which can be used to detect it.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\emotet-stopper-v1.4.exe
    "C:\Users\Admin\AppData\Local\Temp\emotet-stopper-v1.4.exe"
    1⤵
    • Windows Defender anti-emulation file check
    • System Location Discovery: System Language Discovery
    PID:3148
  • C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\unsecapp.exe -Embedding
    1⤵
      PID:2360

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads