exorcist | a7e27cc38a39ff242da39d05e04b95ea9b656829dfe2e90e8226351da8813d7d | Triage

Submit
Reports

Overview

overview

9

Static

static

7e415d5a1b...31.exe

windows7_x64

9

7e415d5a1b...31.exe

windows10_x64

9

Sharing

General

Target

7e415d5a1b1235491cb698eb14817d31.exe
Size

43KB
Sample

200724-b5zwteacds
MD5

7e415d5a1b1235491cb698eb14817d31
SHA1

ca1a94c1be4e51da577e51957428263ca9c0c0ab
SHA256

a7e27cc38a39ff242da39d05e04b95ea9b656829dfe2e90e8226351da8813d7d
SHA512

6c97b54c6b9d7e82f9be371773ffdafa2fbd59b967d4597e737f3b4249215c662403d3f0f8e3527c129334105ff4ce46397b1aed8d4f4ff49a8032b50bc01303

Score

10^/10

exorcist persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

7e415d5a1b1235491cb698eb14817d31.exe

Resource

win7v200722

ransomware persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

7e415d5a1b1235491cb698eb14817d31.exe

Resource

win10

ransomware persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  7e415d5a1b1235491cb698eb14817d31.exe
- Size
  
  43KB
- MD5
  
  7e415d5a1b1235491cb698eb14817d31
- SHA1
  
  ca1a94c1be4e51da577e51957428263ca9c0c0ab
- SHA256
  
  a7e27cc38a39ff242da39d05e04b95ea9b656829dfe2e90e8226351da8813d7d
- SHA512
  
  6c97b54c6b9d7e82f9be371773ffdafa2fbd59b967d4597e737f3b4249215c662403d3f0f8e3527c129334105ff4ce46397b1aed8d4f4ff49a8032b50bc01303
Score

10^/10

ransomware exorcist persistence
- Exorcist
  Ransomware-as-a-service which avoids infecting machines in CIS nations. First seen in mid-2020.
  ransomware exorcist
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Enumerates connected drives
- Modifies service
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Defacement

Tasks

static1

behavioral1

ransomwarepersistence

behavioral2

ransomwarepersistence

© 2018-2024

Terms | Privacy