General

  • Target

    28b4e5564f649207005d68f8a208a1d3517a1065d8a20503d6166342319567e7

  • Size

    7KB

  • Sample

    221027-vh3a9achhq

  • MD5

    67bb8a3330bb6436c8d0fc4261415204

  • SHA1

    a7b324d839283c1f25c95bd8a55df002a73867ca

  • SHA256

    28b4e5564f649207005d68f8a208a1d3517a1065d8a20503d6166342319567e7

  • SHA512

    631bdd40549435a3c7b71d8b2163fa90fdb2e2e51f31981d711e491fad08566a03ae8dd06db031265234c5a5e82f0fcbd0edd6ba27b420d9b2bd260b5a820969

  • SSDEEP

    96:YFZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExn0OrZB7LclNVAxp97pF:Szdrr1FG1WDCgmjPZnTVtc2vRqMUA

Targets

    • Target

      28b4e5564f649207005d68f8a208a1d3517a1065d8a20503d6166342319567e7

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a long-running ransomware family, in circulation since at least 2010, whose samples are produced by a builder kit that lets the operator pick the cipher (XOR or TEA), the extension appended to encrypted files and the ransom-note text. Because every build is configured by hand, hashes differ per campaign; the family is better identified by the builder's behaviour and strings than by any single digest.

    • Drops file in Drivers directory

    • Modifies extensions of user files

      Ransomware typically renames files as it encrypts them, appending a new extension. The extension, together with the ransom note, is a quick triage clue for the family, but it is operator-configurable in Xorist and should not be relied on alone.

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer. A stock build leaves UPX0/UPX1 section names and a "UPX!" marker; modified builds often rename the sections, so static string checks on the packed file (for example for the Run key path below) will miss strings until the sample is unpacked.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and session tokens. On a ransomware sample this signature is often a side effect of enumerating user-profile directories for files to encrypt rather than evidence of credential theft; confirm from the file-access trace before treating it as exfiltration.

    • Adds Run key to start application

    • Drops file in System32 directory
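
A small offline triage helper, added here as an example and not part of the sandbox report. It recomputes the four digests listed above for a local copy of the file and compares them with the report, and statically checks two of the reported behaviours: UPX packing (section names and the "UPX!" marker) and Run-key persistence (the registry path as ASCII or UTF-16LE). The build_fake_pe() function only constructs a minimal PE image for testing; it is not the sample and nothing about the sample's internal layout is assumed.

```python
"""Offline triage helper for the sample described in this report.

Added example, not part of the sandbox output.  It recomputes the digests
listed above for a local copy of the file, compares them with the report,
and statically checks two of the reported behaviours: UPX packing and the
Run-key persistence string.
"""
from __future__ import annotations

import hashlib
import re
import struct
import sys

# Digests copied from the report above.
REPORT_HASHES = {
    "md5": "67bb8a3330bb6436c8d0fc4261415204",
    "sha1": "a7b324d839283c1f25c95bd8a55df002a73867ca",
    "sha256": "28b4e5564f649207005d68f8a208a1d3517a1065d8a20503d6166342319567e7",
    "sha512": (
        "631bdd40549435a3c7b71d8b2163fa90fdb2e2e51f31981d711e491fad08566a"
        "03ae8dd06db031265234c5a5e82f0fcbd0edd6ba27b420d9b2bd260b5a820969"
    ),
}

# Registry path behind the "Adds Run key to start application" signature.
RUN_KEY = b"Software\\Microsoft\\Windows\\CurrentVersion\\Run"


def digest_bytes(data: bytes) -> dict:
    """Hex digests of data for every algorithm listed in the report."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def compare_to_report(digests: dict, expected: dict = REPORT_HASHES) -> dict:
    """Map each algorithm to True when the computed digest matches the report."""
    return {algo: digests.get(algo, "").lower() == value.lower()
            for algo, value in expected.items()}


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table.
    Returns [] for anything that is not a parseable PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER, 20 bytes
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # IMAGE_SECTION_HEADER entries, 40 bytes each
    names = []
    for i in range(num_sections):
        off = table + i * 40
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX names sections UPX0/UPX1 and leaves a "UPX!" marker; modified
    builds often rename the sections, so the marker is checked as well."""
    names = pe_section_names(data)
    return any(n.startswith("UPX") for n in names) or b"UPX!" in data


def references_run_key(data: bytes) -> bool:
    """True if the Run key path appears as ASCII (any case) or as UTF-16LE."""
    if re.search(re.escape(RUN_KEY), data, re.IGNORECASE):
        return True
    return RUN_KEY.decode("ascii").encode("utf-16-le") in data


def build_fake_pe(section_names: list) -> bytes:
    """Constructed minimal PE image for offline testing (not the real sample):
    DOS header with e_lfanew=0x40, PE signature, 20-byte COFF header with
    SizeOfOptionalHeader=0, then one 40-byte section header per name."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32
                        for n in section_names)
    return dos + b"PE\0\0" + coff + sections


def triage(data: bytes) -> dict:
    """Everything a first look at the file should record."""
    digests = digest_bytes(data)
    return {
        "digests": digests,
        "matches_report": compare_to_report(digests),
        "sections": pe_section_names(data),
        "upx_packed": looks_upx_packed(data),
        "run_key_string": references_run_key(data),
    }


if __name__ == "__main__":
    # Usage: python triage.py <sample>; without a path, run on the constructed fixture.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    for key, value in triage(data).items():
        print(f"{key}: {value}")
```

On the packed sample, run_key_string will usually be False because the string sits inside the compressed UPX1 data; unpack first (`upx -d` works for a stock build, while a modified build usually needs a memory dump from the sandbox run) and rerun the check on the unpacked image. The hash comparison is only meaningful against the original file, since unpacking changes every digest.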
