General
Target: 5acebee8f450c294dcaad9165a1e3dd27ff027e99cca65564546e6ea2818b91c.exe
Size: 70KB
Sample: 210419-x2brzda4kx
MD5: 0a6cc2a5fd2701a3d80cca1438c4950d
SHA1: 260f28d8fde4bccee35b4c5a80568ca431e13435
SHA256: 5acebee8f450c294dcaad9165a1e3dd27ff027e99cca65564546e6ea2818b91c
SHA512: e70ce320f088aec289b9ae8c5ed539d6f10581544b53a23053746514744f51556c8fcdb193f6c88421b1bc22e5bdfd1270c5048e9fb8da391e5dcc0d2a157152
Static task: static1
Behavioral task: behavioral1
  Sample: 5acebee8f450c294dcaad9165a1e3dd27ff027e99cca65564546e6ea2818b91c.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: 5acebee8f450c294dcaad9165a1e3dd27ff027e99cca65564546e6ea2818b91c.exe
  Resource: win10v20210408
Malware Config
Extracted from: C:\$Recycle.Bin\S-1-5-21-2455352368-1077083310-2879168483-1000\HOW TO DECRYPT FILES.txt
Email address: btcontact@protonmail.com
Targets
Target: 5acebee8f450c294dcaad9165a1e3dd27ff027e99cca65564546e6ea2818b91c.exe
Score: 10/10
- Detected Xorist Ransomware
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Installed Components in the registry
- Drops startup file
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory