General

  • Target

    7dffcd63ae2589422467a9dc889421d383173ad664171d0214cb59b0e74b9607

  • Size

    1.7MB

  • Sample

    221126-tl6meafe99

  • MD5

    0eb2c7f3c2bad42f17f601554a974724

  • SHA1

    e8a2300d3182d6997f0e45f36cf706ac2a6bb9bb

  • SHA256

    7dffcd63ae2589422467a9dc889421d383173ad664171d0214cb59b0e74b9607

  • SHA512

    34366f26e304d7c4276c68535b4e2a855db5496781e7b0788a947c9f7af5b1f525b3d613dbe573de350825871573695d5755031a8beaaee0169d90341559157e

  • SSDEEP

    49152:8YnFxxpJWx3pYVSMSRXV09e6cfjNTXygz:8YnFPCx3ESHRAe6MTCgz

Malware Config

Targets

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware family first seen in 2020.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks