exorcist | d7d0688022b5848caf5cbabc1bde628cb74f32e014311f5299ed63241fff72b0 | Triage

Submit
Reports

Overview

overview

Static

static

build-x64-...in.exe

windows7_x64

build-x64-...in.exe

windows10_x64

Resubmissions

23-09-2020 10:35

200923-mkwlt9yalx 10

23-07-2020 14:59

200723-mtbw6t99d2 10

23-07-2020 13:47

200723-5t3mhtw95x 10

Sharing

General

Target

build-x64-crypt.bin.zip
Size

22KB
Sample

200723-5t3mhtw95x
MD5

bbd3fe70b7063821c3e0aab4895f270e
SHA1

86f7aa738e472c99355410e8875cc7c0b6936d48
SHA256

d7d0688022b5848caf5cbabc1bde628cb74f32e014311f5299ed63241fff72b0
SHA512

6948295e7beaa1b10d2219afe2f5eedb002f757d406bc39d069c48e71c88c1a80733ae0cc4dedccfa5e06d592a4a55c7b3c47534d273e5509016598b5e1ac86b

Score

10^/10

exorcist evasion ransomware

Static task

static1

Behavioral task

behavioral1

Sample

build-x64-crypt.bin.exe

Resource

win7

exorcist evasion ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

build-x64-crypt.bin.exe

Resource

win10

exorcist evasion ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  build-x64-crypt.bin
- Size
  
  52KB
- MD5
  
  8cc13fea61cc0ba1382a779ee46726f0
- SHA1
  
  bd8ef46a02085153605a87fcc047f7ef3d0c4131
- SHA256
  
  eeb8a83d7532797d39d060ffb2a65562e8d803c4dbd8379289f99367cac2f850
- SHA512
  
  2f317f04b6bda9af58b049cb9bd0032d08c0aa30b8ac8d76b10f738ab11f4cc9f4eca4af3ecf26e610715117e2d68e5f8fb0ac139e60e882cc24fc795bf0a34a
Score

10^/10

exorcist evasion ransomware
- Exorcist Ransomware
  Ransomware-as-a-service which avoids infecting machines in CIS nations. First seen in mid-2020.
  ransomware exorcist
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes System State backups
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Defacement

Tasks

static1

behavioral1

exorcistevasionransomware

behavioral2

exorcistevasionransomware

© 2018-2024

Terms | Privacy