General
Target: f4af0ac6adecdca36a32b013cb709851c2cd732e20db6ec55e9036bd352e2fe0
Size: 1.7MB
Sample: 221029-svnyaadbal
MD5: da038f272b0b93f0826e4283e15d0fb5
SHA1: 5cbe114a36377528cbfd1e3e137b991380f70abb
SHA256: f4af0ac6adecdca36a32b013cb709851c2cd732e20db6ec55e9036bd352e2fe0
SHA512: 3fbee6de83522d954f7cb9824cfe316fd6f713dd8a33931f74d66cb7294fdccfa2300ea0c7242aa6c1ab11c0e6d7182a467615d52ab5eb3d7258a0803220223a
SSDEEP: 49152:yYnFxxpJWCqb6t08+9UyVpiDnaC7mV5RmrjhkJZZvl:yYnFPC9b6+8snVkFCwrjhSl
Behavioral task: behavioral1
Sample: f4af0ac6adecdca36a32b013cb709851c2cd732e20db6ec55e9036bd352e2fe0.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: f4af0ac6adecdca36a32b013cb709851c2cd732e20db6ec55e9036bd352e2fe0.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
Ransom note path: C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\HOW TO DECRYPT FILES.txt
Wallet address: 1HwP1tFUu64upXhNsEjuunAaF6Yh9VT2s5
Targets
Target: f4af0ac6adecdca36a32b013cb709851c2cd732e20db6ec55e9036bd352e2fe0
Size: 1.7MB
MD5: da038f272b0b93f0826e4283e15d0fb5
SHA1: 5cbe114a36377528cbfd1e3e137b991380f70abb
SHA256: f4af0ac6adecdca36a32b013cb709851c2cd732e20db6ec55e9036bd352e2fe0
SHA512: 3fbee6de83522d954f7cb9824cfe316fd6f713dd8a33931f74d66cb7294fdccfa2300ea0c7242aa6c1ab11c0e6d7182a467615d52ab5eb3d7258a0803220223a
SSDEEP: 49152:yYnFxxpJWCqb6t08+9UyVpiDnaC7mV5RmrjhkJZZvl:yYnFPC9b6+8snVkFCwrjhSl
Score: 10/10

Signatures
- Detected Xorist Ransomware
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- AutoIT Executable (AutoIT scripts compiled to PE executables.)
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of SetThreadContext