exorcist | 027d99aaaa6803a07d07ce0ba1fa66964388129d3b26dcf8621a3310692b0a61 | Triage

Sharing

General

Target

f188cf267d209a0209a25bda4bb75b86.exe
Size

43KB
Sample

200724-15z7parj4x
MD5

f188cf267d209a0209a25bda4bb75b86
SHA1

3ef4c199d1b5187784f4d709ab8e1cc6901716e8
SHA256

027d99aaaa6803a07d07ce0ba1fa66964388129d3b26dcf8621a3310692b0a61
SHA512

abe64e07cb279dad66df081d0f374f2948fec444872f09fb968de6b74848414ab354c27598475d919d8a48670e4b42a75eadd6392a550fb727d8422324a9c535

Score

10^/10

exorcist persistence ransomware

Malware Config

Targets

- Target
  
  f188cf267d209a0209a25bda4bb75b86.exe
- Size
  
  43KB
- MD5
  
  f188cf267d209a0209a25bda4bb75b86
- SHA1
  
  3ef4c199d1b5187784f4d709ab8e1cc6901716e8
- SHA256
  
  027d99aaaa6803a07d07ce0ba1fa66964388129d3b26dcf8621a3310692b0a61
- SHA512
  
  abe64e07cb279dad66df081d0f374f2948fec444872f09fb968de6b74848414ab354c27598475d919d8a48670e4b42a75eadd6392a550fb727d8422324a9c535
Score

10^/10

ransomware persistence exorcist
- Exorcist
  Ransomware-as-a-service which avoids infecting machines in CIS nations. First seen in mid-2020.
  ransomware exorcist
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Enumerates connected drives
- Modifies service
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarepersistence

behavioral2

ransomwarepersistence