General

  • Target

    676bd3d0e169bed4737c1ec64abe8a247d12eebdfd18f08d5f702160afe88908.exe

  • Size

    7KB

  • Sample

    221014-g52rcabeh5

  • MD5

    b617aa412996a5a4e31195a8d9cc2992

  • SHA1

    7dec93330ecf29d9ace0443b8e5c69ddaf23a1b0

  • SHA256

    676bd3d0e169bed4737c1ec64abe8a247d12eebdfd18f08d5f702160afe88908

  • SHA512

    211a94769cfc75a2970bd4d6d27a4e56aa06f562be3be65655c0526b2e3241107d6a7495579010d21b482f81f71cf683c797cd192f0c4f85d532da143b7e5400

  • SSDEEP

    96:VsZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExqpl8t5dM5NSPYxImNO4:Kzdrr1FG1WDCgmjPZqqM5wQMtMUA

Targets

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware family first seen in 2020.

    • Drops file in Drivers directory

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Adds Run key to start application

    • Drops file in System32 directory
