General
Target: 4b190a407bca89dd4778afa551bdc58dddff26fc5fe7622453e836ecdfaf565f
Size: 346KB
Sample: 220712-m5c1waaah2
MD5: 99df60e4e6bd3497f40736a408dd0a46
SHA1: d02937c29a00c4d15fbcb19a9afd85a9ad3fce6b
SHA256: 4b190a407bca89dd4778afa551bdc58dddff26fc5fe7622453e836ecdfaf565f
SHA512: aa902f62c05b5682209459d354dc70d243125612fff1000879b5ee0d32b58c8b503a140942376483ad41de4c4d29502bf3f3f92a4a910418f9af3b5cf6671f32
Static task: static1
Behavioral task: behavioral1
  Sample: 4b190a407bca89dd4778afa551bdc58dddff26fc5fe7622453e836ecdfaf565f.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 4b190a407bca89dd4778afa551bdc58dddff26fc5fe7622453e836ecdfaf565f.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted from (ransom note dropped by the sample): C:\$Recycle.Bin\S-1-5-21-1819626980-2277161760-1023733287-1000\HOW TO DECRYPT FILES.txt
Contact e-mail: repair_data@scryptmail.com
Bitcoin address: 3KxEZKjS4ifAHhX2o1fq9tERkAshSgA4hg
URLs referenced in the note:
  https://coinatmradar.com/
  https://www.localbitcoins.com/
Targets
Target: 4b190a407bca89dd4778afa551bdc58dddff26fc5fe7622453e836ecdfaf565f (346KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Signatures:
- Detected Xorist Ransomware
- Modifies extensions of user files (ransomware generally changes the extension of the files it encrypts)
- Drops startup file
- Adds Run key to start application (registry persistence)
- Drops desktop.ini file(s)
- Drops autorun.inf file (malware can abuse Windows Autorun to spread further via attached volumes)
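The extracted configuration above (ransom note path, contact e-mail, Bitcoin address, URLs) and the drop location in a per-user $Recycle.Bin folder are the indicators an analyst pivots on. The Python below is an added example for this report, not code from the sandbox vendor or from the malware author: it parses a ransom note for those indicators, rejects Bitcoin-looking strings whose Base58Check checksum does not verify (so a mangled string is not pushed out as an IOC), and checks whether a file path matches the $Recycle.Bin\<SID>\HOW TO DECRYPT FILES.txt pattern recorded here. The note text in SAMPLE_NOTE is constructed; only the indicators inside it are taken from the report, and the surrounding wording is not the real Xorist note.

```python
"""Extract and sanity-check indicators from a Xorist-style ransom note.

Added example for this report, not code from the sandbox vendor or the
malware author. SAMPLE_NOTE is CONSTRUCTED: the e-mail, Bitcoin address
and URLs come from the extracted config above, the sentences around them
are invented for illustration.
"""
import hashlib
import re
from pathlib import PureWindowsPath

# Constructed note text (real Xorist note wording differs).
SAMPLE_NOTE = """Your files have been encrypted.
To recover them contact: repair_data@scryptmail.com
Pay to this Bitcoin address: 3KxEZKjS4ifAHhX2o1fq9tERkAshSgA4hg
Where to buy bitcoin: https://coinatmradar.com/ or https://www.localbitcoins.com/
"""

# Path where the sandbox recorded the dropped note (from the report).
SAMPLE_NOTE_PATH = (r"C:\$Recycle.Bin\S-1-5-21-1819626980-2277161760-1023733287-1000"
                    r"\HOW TO DECRYPT FILES.txt")

_B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58check_ok(addr: str) -> bool:
    """True if addr is a 25-byte legacy Bitcoin address (P2PKH '1...' or
    P2SH '3...') whose 4-byte double-SHA256 checksum verifies. This only
    filters regex noise; it says nothing about who controls the wallet."""
    n = 0
    for ch in addr:
        idx = _B58.find(ch)
        if idx < 0:               # character outside the Base58 alphabet
            return False
        n = n * 58 + idx
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    # Each leading '1' encodes a 0x00 byte that the integer form drops.
    raw = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + raw
    if len(raw) != 25:
        return False
    payload, checksum = raw[:-4], raw[-4:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
BTC_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def parse_ransom_note(text: str) -> dict:
    """Pull contact e-mails, URLs and Bitcoin addresses out of note text.
    Addresses failing Base58Check are reported under 'btc_rejected' so the
    analyst sees them but does not pivot on a corrupted string."""
    emails = sorted(set(EMAIL_RE.findall(text)))
    urls = sorted(set(URL_RE.findall(text)))
    candidates = set(BTC_RE.findall(text))
    good = sorted(a for a in candidates if base58check_ok(a))
    bad = sorted(candidates - set(good))
    return {"emails": emails, "urls": urls, "btc": good, "btc_rejected": bad}


# Per-user recycle-bin folder names are the user's SID: S-1-5-21-<3 subauthorities>-<RID>.
RECYCLE_SID_RE = re.compile(r"^S-1-5-21(-\d+){3}-\d+$")


def note_dropped_in_recycle_bin(path: str,
                                note_name: str = "HOW TO DECRYPT FILES.txt") -> bool:
    """True when a file named note_name sits directly inside a per-user
    <drive>\\$Recycle.Bin\\<SID> folder, the drop location recorded for
    this sample. Matching on structure rather than the literal SID lets the
    check fire on any victim account."""
    parts = PureWindowsPath(path).parts
    return (len(parts) == 4
            and parts[1].lower() == "$recycle.bin"
            and RECYCLE_SID_RE.match(parts[2]) is not None
            and parts[3].lower() == note_name.lower())


if __name__ == "__main__":
    print(parse_ransom_note(SAMPLE_NOTE))
    print("note in $Recycle.Bin:", note_dropped_in_recycle_bin(SAMPLE_NOTE_PATH))
```

Run it against the text of a recovered note (or a directory listing from a triage image) rather than the constructed sample; the Base58Check filter is what keeps a truncated or OCR-damaged address out of the indicator feed.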