General

  • Target

    28d8cfb640cc462b0c57ce171dbe224ea3b5f067ce976a15c04130b589b2978f

  • Size

    205KB

  • Sample

    221020-zbry6addfq

  • MD5

    7a81f6f2d3191412127b964458007e30

  • SHA1

    641d98426b33e3cb8a1a6d3e3cb6af2aa5f67770

  • SHA256

    28d8cfb640cc462b0c57ce171dbe224ea3b5f067ce976a15c04130b589b2978f

  • SHA512

    d53e76ea130588d928ff8209c2be55d80be1d1548dc74cf60e4e538aa514bb482bbf6639d5e0fb1bda7b38b98e19c87f49d55826866d40df9e14c83087db92d2

  • SSDEEP

    3072:ZaUW2yi3QbDWbobBjDoKCGICgb7bgI6E9uZQ/SLJjip1:ZaUWrbDWGpDjzgTgI6EMZQ/SLJjif

Malware Config

Targets

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware family first seen in 2020.

    • Drops file in Drivers directory

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks