exorcist | ca680208fb28dca0595ca9f677c7845aca09c1979db0a9d680ad6f6bf30b7097 | Triage

Submit
Reports

Overview

overview

Static

static

ca680208fb...97.exe

windows7_x64

ca680208fb...97.exe

windows10-2004_x64

Sharing

General

Target

ca680208fb28dca0595ca9f677c7845aca09c1979db0a9d680ad6f6bf30b7097
Size

68KB
Sample

220511-26872afbfr
MD5

f269d24544e8bb4cb82680bb396a5f1b
SHA1

8283f4266a7782308b04a3d03c8b13a38eefaa61
SHA256

ca680208fb28dca0595ca9f677c7845aca09c1979db0a9d680ad6f6bf30b7097
SHA512

c22f51697316c4d29e4b4ef817a1c73d4681fc02b0a2b0fee01e2aaf065d6a3aa04b7defc366cea012a723e600bd80a12083d54bb0907fa0b4cf6f12c41e68d1

Score

10^/10

exorcist ransomware suricata

Static task

static1

Behavioral task

behavioral1

Sample

ca680208fb28dca0595ca9f677c7845aca09c1979db0a9d680ad6f6bf30b7097.exe

Resource

win7-20220414-en

exorcist ransomware suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ca680208fb28dca0595ca9f677c7845aca09c1979db0a9d680ad6f6bf30b7097.exe

Resource

win10v2004-20220414-en

exorcist ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ca680208fb28dca0595ca9f677c7845aca09c1979db0a9d680ad6f6bf30b7097
- Size
  
  68KB
- MD5
  
  f269d24544e8bb4cb82680bb396a5f1b
- SHA1
  
  8283f4266a7782308b04a3d03c8b13a38eefaa61
- SHA256
  
  ca680208fb28dca0595ca9f677c7845aca09c1979db0a9d680ad6f6bf30b7097
- SHA512
  
  c22f51697316c4d29e4b4ef817a1c73d4681fc02b0a2b0fee01e2aaf065d6a3aa04b7defc366cea012a723e600bd80a12083d54bb0907fa0b4cf6f12c41e68d1
Score

10^/10

exorcist ransomware suricata
- Exorcist Ransomware
  Ransomware-as-a-service which avoids infecting machines in CIS nations. First seen in mid-2020.
  ransomware exorcist
- suricata: ET MALWARE Exorcist 2.0 Ransomware CnC Activity
  suricata: ET MALWARE Exorcist 2.0 Ransomware CnC Activity
  suricata
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

exorcistransomwaresuricata

behavioral2

exorcistransomware

© 2018-2024

Terms | Privacy