General

  • Target

    2ead89b62a21606827fb66480a4660ef072ec1d8284220a3f848cfa7a4ddb66d

  • Size

    1.7MB

  • Sample

    221127-c6a8kadc99

  • MD5

    fccb6259312fe93379e009f93d499fc9

  • SHA1

    d246d9f4d6b4142388218f74bc3ecda432258c08

  • SHA256

    2ead89b62a21606827fb66480a4660ef072ec1d8284220a3f848cfa7a4ddb66d

  • SHA512

    d9068bbe2188d03ad14860a72dcf8aac71aece00ee16534c955fd91c3223e70ee4b0362cffc4de28a7dd6f11bc739897922655dee6cc585238d6f978df36802d

  • SSDEEP

    49152:MYnFxxpJW/nxkvua6jDboCYPRca0z0mXjlE7q/DfSq:MYnFPCJkv16jDbHYuvXpE74Sq

Malware Config

Targets

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware first seen in 2020.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks