General
- Target: 28d8cfb640cc462b0c57ce171dbe224ea3b5f067ce976a15c04130b589b2978f
- Size: 205KB
- Sample: 221020-zbry6addfq
- MD5: 7a81f6f2d3191412127b964458007e30
- SHA1: 641d98426b33e3cb8a1a6d3e3cb6af2aa5f67770
- SHA256: 28d8cfb640cc462b0c57ce171dbe224ea3b5f067ce976a15c04130b589b2978f
- SHA512: d53e76ea130588d928ff8209c2be55d80be1d1548dc74cf60e4e538aa514bb482bbf6639d5e0fb1bda7b38b98e19c87f49d55826866d40df9e14c83087db92d2
- SSDEEP: 3072:ZaUW2yi3QbDWbobBjDoKCGICgb7bgI6E9uZQ/SLJjip1:ZaUWrbDWGpDjzgTgI6EMZQ/SLJjif
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 28d8cfb640cc462b0c57ce171dbe224ea3b5f067ce976a15c04130b589b2978f.exe
  - Resource: win7-20220812-en

Behavioral task
- behavioral2
  - Sample: 28d8cfb640cc462b0c57ce171dbe224ea3b5f067ce976a15c04130b589b2978f.exe
  - Resource: win10v2004-20220901-en
Malware Config

Targets
- Target: 28d8cfb640cc462b0c57ce171dbe224ea3b5f067ce976a15c04130b589b2978f
- Size: 205KB
- MD5: 7a81f6f2d3191412127b964458007e30
- SHA1: 641d98426b33e3cb8a1a6d3e3cb6af2aa5f67770
- SHA256: 28d8cfb640cc462b0c57ce171dbe224ea3b5f067ce976a15c04130b589b2978f
- SHA512: d53e76ea130588d928ff8209c2be55d80be1d1548dc74cf60e4e538aa514bb482bbf6639d5e0fb1bda7b38b98e19c87f49d55826866d40df9e14c83087db92d2
- SSDEEP: 3072:ZaUW2yi3QbDWbobBjDoKCGICgb7bgI6E9uZQ/SLJjip1:ZaUWrbDWGpDjzgTgI6EMZQ/SLJjif
Score: 10/10
- Detected Xorist Ransomware
- Drops file in Drivers directory
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of SetThreadContext