General

  • Target

    7ad9dcacb6952a1c8568c1b0c79c7ca1e0b655563d866736614754bf3dba98ce

  • Size

    7KB

  • Sample

    221018-xa9rgagfg6

  • MD5

    f812b93dfc7b5001dc285c25ad63db02

  • SHA1

    492d8df2c78fa8f4a6a570b14cc2e38d847c118e

  • SHA256

    7ad9dcacb6952a1c8568c1b0c79c7ca1e0b655563d866736614754bf3dba98ce

  • SHA512

    9bec0d2716ba1bd2fe427f197738468e8c591a3fed40e0d498971e34bc133c776165904d82719bd1580b389c5dabeb5910fceb24cf927789008f421793c45d6e

  • SSDEEP

    96:1NZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExeWkw5dM5NSPYxIm5c+i:fzdrr1FG1WDCgmjPZetQM5wQk+RMUA

Malware Config

Targets

    • Target

      7ad9dcacb6952a1c8568c1b0c79c7ca1e0b655563d866736614754bf3dba98ce

    • Size

      7KB

    • MD5

      f812b93dfc7b5001dc285c25ad63db02

    • SHA1

      492d8df2c78fa8f4a6a570b14cc2e38d847c118e

    • SHA256

      7ad9dcacb6952a1c8568c1b0c79c7ca1e0b655563d866736614754bf3dba98ce

    • SHA512

      9bec0d2716ba1bd2fe427f197738468e8c591a3fed40e0d498971e34bc133c776165904d82719bd1580b389c5dabeb5910fceb24cf927789008f421793c45d6e

    • SSDEEP

      96:1NZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExeWkw5dM5NSPYxIm5c+i:fzdrr1FG1WDCgmjPZetQM5wQk+RMUA

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware first seen in 2020.

    • Drops file in Drivers directory

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks