Resubmissions

23-11-2020 10:42

201123-snhph417fe 10

10-11-2020 12:08

201110-s1senzaeea 10

05-11-2020 16:42

201105-y9hantbmge 8

General

  • Target

    3e275093a5ad4b2083eda47dfd2e9053cae044f7990a323c6f649093a8d00901

  • Size

    583KB

  • Sample

    201123-snhph417fe

  • MD5

    74d4e0e6dcf5cc7942c35e630036af0c

  • SHA1

    c7c4bb3907344aed022d181eb73f8fd812e06f88

  • SHA256

    3e275093a5ad4b2083eda47dfd2e9053cae044f7990a323c6f649093a8d00901

  • SHA512

    110bb901dacc153fb484673fd033d2c0f9a3f7cbfd73a46f54c44c1f699796844b68db5a860cbbb5be08c03f4ad9dfcd25feb71fc8a9b37445e137a002e6a8eb

Malware Config

Targets

    • Target

      3e275093a5ad4b2083eda47dfd2e9053cae044f7990a323c6f649093a8d00901

    • Size

      583KB

    • MD5

      74d4e0e6dcf5cc7942c35e630036af0c

    • SHA1

      c7c4bb3907344aed022d181eb73f8fd812e06f88

    • SHA256

      3e275093a5ad4b2083eda47dfd2e9053cae044f7990a323c6f649093a8d00901

    • SHA512

      110bb901dacc153fb484673fd033d2c0f9a3f7cbfd73a46f54c44c1f699796844b68db5a860cbbb5be08c03f4ad9dfcd25feb71fc8a9b37445e137a002e6a8eb

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware first seen in 2020.

    • Executes dropped EXE

    • Office macro that triggers on suspicious action

      Office document macro which triggers in special circumstances - often malicious.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Deletes itself

    • Adds Run key to start application

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks