General
-
Target
2ead89b62a21606827fb66480a4660ef072ec1d8284220a3f848cfa7a4ddb66d
-
Size
1.7MB
-
Sample
221127-c6a8kadc99
-
MD5
fccb6259312fe93379e009f93d499fc9
-
SHA1
d246d9f4d6b4142388218f74bc3ecda432258c08
-
SHA256
2ead89b62a21606827fb66480a4660ef072ec1d8284220a3f848cfa7a4ddb66d
-
SHA512
d9068bbe2188d03ad14860a72dcf8aac71aece00ee16534c955fd91c3223e70ee4b0362cffc4de28a7dd6f11bc739897922655dee6cc585238d6f978df36802d
-
SSDEEP
49152:MYnFxxpJW/nxkvua6jDboCYPRca0z0mXjlE7q/DfSq:MYnFPCJkv16jDbHYuvXpE74Sq
Behavioral task
behavioral1
Sample
2ead89b62a21606827fb66480a4660ef072ec1d8284220a3f848cfa7a4ddb66d.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
2ead89b62a21606827fb66480a4660ef072ec1d8284220a3f848cfa7a4ddb66d.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Target
2ead89b62a21606827fb66480a4660ef072ec1d8284220a3f848cfa7a4ddb66d
-
Score
10/10
-
Detected Xorist Ransomware
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-