xorist | 6059871321227264[.]zip | Triage

Sharing

General

Target

6059871321227264.zip
Size

190KB
MD5

d670333be42dfb91a9a031e1693d6efe
SHA1

53c0eabf5541f8be14107f3e18b53ba1ad8d8828
SHA256

a20a1cd9fa52d3f6bc62b6b629df2273d1c579f0fffce69d2bc64895c692fb19
SHA512

3d6c025431632dc5eba4fe6a7feb5ba4fa24892717f02b123c96ba1989dc866d4d931f097da270b774404dea5b4b7d6df3db1b12879431f084b6676a679221af

Score

10^/10

upx xorist netwalker

Malware Config

Signatures

Detected Netwalker Ransomware 1 IoCs

Detected unpacked Netwalker executable.

resource	yara_rule
static1/unpack001/9a9bf626d4a3e9afe613f7eaa347acac600de2aecc45a5706aa2ba386625eed6	netwalker_ransomware

Detected Xorist Ransomware 2 IoCs

resource	yara_rule
static1/unpack001/155eaec829906d3b03ce5f8064200bcdb4023886816550dfd91bb5d20571df23	family_xorist
static1/unpack001/8a68388787a97c83448898eedb045f620f225538992467bae0ee5c1a1ca4dc97	family_xorist

Netwalker family
netwalker
Xorist family
xorist

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/8a68388787a97c83448898eedb045f620f225538992467bae0ee5c1a1ca4dc97	upx

Files

6059871321227264.zip
.zip

Password: infected
155eaec829906d3b03ce5f8064200bcdb4023886816550dfd91bb5d20571df23
.exe windows x86
8a68388787a97c83448898eedb045f620f225538992467bae0ee5c1a1ca4dc97
.exe windows x86
9a9bf626d4a3e9afe613f7eaa347acac600de2aecc45a5706aa2ba386625eed6
.exe windows x86
a9fb354944ee5879b6e13381952889c604d850fe18ef552185a1c228b3bb3d06
.exe windows x86