General

  • Target

    d0d749be284a74e6276002d6ee37959f0737a8427856ab190e6e9586f22d4fa2

  • Size

    7KB

  • Sample

    221028-j8glpafdgr

  • MD5

    5d46d851558adab2374ec9206f0b621b

  • SHA1

    07b39753ba49f541654ae3b04b1ced70accafdb1

  • SHA256

    d0d749be284a74e6276002d6ee37959f0737a8427856ab190e6e9586f22d4fa2

  • SHA512

    28709716c45e7fe9dc0b650293e47dcbcf39a586dd2ea5cbe005de4a4372eea71d45340778022d449f8df0887ada5f1b469905159b96d9bdf798df9caa41a685

  • SSDEEP

    96:V3Zhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExHM+0zZTLIQi9D+LxMU:Bzdrr1FG1WDCgmjPZudTlgDWxMUA

Malware Config

Targets

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware family first seen in 2020.

    • Drops file in Drivers directory

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks