exorcist | 9aa75631b7a56a84117e5aed0540fb74dfcde2c36d52744156381c9161603e28 | Triage

Submit
Reports

Overview

overview

9

Static

static

build-x32....in.exe

windows7_x64

9

build-x32....in.exe

windows10_x64

9

Resubmissions

23-07-2020 14:59

200723-qeb9jz5z6e 10

23-07-2020 13:40

200723-1el7ztcngs 10

Sharing

General

Target

build-x32.crypt.bin.zip
Size

19KB
Sample

200723-1el7ztcngs
MD5

44406e1afbf3858f1021681334c19e0b
SHA1

c3ddb9631fe00c67738744446e0b7f5293d454a6
SHA256

9aa75631b7a56a84117e5aed0540fb74dfcde2c36d52744156381c9161603e28
SHA512

628a9677db5c704728e58f58b089d7fb7e1c8eca30feea8f0f8d31d76cccce670990ed5f8ec096685e76512ce3c3d8706f60c4766b6996be58960fa0e8bf7ea3

Score

10^/10

exorcist persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

build-x32.crypt.bin.exe

Resource

win7

ransomware persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

build-x32.crypt.bin.exe

Resource

win10

ransomware persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  build-x32.crypt.bin
- Size
  
  43KB
- MD5
  
  0d256ab0a8b8b7a3b3d4aaf566189ca6
- SHA1
  
  2f0142e0f5a21822fd9e391246b6cc470f4089a1
- SHA256
  
  f86e27e58356c554269b93713ea53b797d92359f0abb25bf70fe2de278278f7f
- SHA512
  
  19afeb080a691f287b902455269b6de051e93e0c9afbd00ed9166e6fb4c11e2b6d8eea53dabc2b8b465c7bcac9130e379115f0b9ea48420cff9c71788232fe7a
Score

10^/10

ransomware exorcist persistence
- Exorcist
  Ransomware-as-a-service which avoids infecting machines in CIS nations. First seen in mid-2020.
  ransomware exorcist
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Enumerates connected drives
- Modifies service
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Defacement

Tasks

static1

behavioral1

ransomwarepersistence

behavioral2

ransomwarepersistence

© 2018-2024

Terms | Privacy