xorist | 5777ba5324a693756b82284f7388e8b57a8ee3f014cf09b9127c9db06269604a

General

Target

5777ba5324a693756b82284f7388e8b57a8ee3f014cf09b9127c9db06269604a
Size

7KB
Sample

221124-e4v63acd8z
MD5

31b39332874eca4bca19319073c479e2
SHA1

2038839be53dc9ef2d3981d2ddbfb8ff5cfb2eaf
SHA256

5777ba5324a693756b82284f7388e8b57a8ee3f014cf09b9127c9db06269604a
SHA512

8347c8b63d03d1248e1b505ca171837a0a73237183b14ab2044336013c06cc0cc8f651baf33b5009b4411ad40000e89e423463f3f7192e5a69e5ed388b13c301
SSDEEP

96:FHZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExs3aWOjj7jRmW+1xSqMB:9zdrr1FG1WDCgmjPZs3TgXMlSqMUA

Score

10^/10

Malware Config

Targets

- Target
  
  5777ba5324a693756b82284f7388e8b57a8ee3f014cf09b9127c9db06269604a
- Size
  
  7KB
- MD5
  
  31b39332874eca4bca19319073c479e2
- SHA1
  
  2038839be53dc9ef2d3981d2ddbfb8ff5cfb2eaf
- SHA256
  
  5777ba5324a693756b82284f7388e8b57a8ee3f014cf09b9127c9db06269604a
- SHA512
  
  8347c8b63d03d1248e1b505ca171837a0a73237183b14ab2044336013c06cc0cc8f651baf33b5009b4411ad40000e89e423463f3f7192e5a69e5ed388b13c301
- SSDEEP
  
  96:FHZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExs3aWOjj7jRmW+1xSqMB:9zdrr1FG1WDCgmjPZs3TgXMlSqMUA
Score

10^/10

xorist persistence ransomware spyware stealer upx
- Detected Xorist Ransomware
- Xorist Ransomware
  Xorist is a ransomware first seen in 2020.
  ransomware xorist
- Drops file in Drivers directory
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detected Xorist Ransomware

Xorist Ransomware

Drops file in Drivers directory

Modifies extensions of user files

UPX packed file

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2