General
Target: d2352980b25e21274fda5ca245b8c17fe26bd7be9f331ce0b4067282486a821e
Size: 2.0MB
Sample: 221128-mpz6gacd41
MD5: 4916a3a62e24567d390eece7fedbb1f1
SHA1: d0c220e32263472943d7b717b0655f31f4e905fb
SHA256: d2352980b25e21274fda5ca245b8c17fe26bd7be9f331ce0b4067282486a821e
SHA512: 24ea01f09c0206672742cefd8d4559c8d3d22ce7a0ba93588e2ee89354ef3f58e30989cb5a8ccfb42e1fd95ab1aad73c8049344a7f2dd38cd5666cba935fd5d0
SSDEEP: 49152:ZYnFxxpJWR96vHVXT4AlXKr3LLn0h6RXmJ32MjL2mmbH/O:ZYnFPCRYvyAlarPnC6I53pWfO
Behavioral task: behavioral1
Sample: d2352980b25e21274fda5ca245b8c17fe26bd7be9f331ce0b4067282486a821e.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: d2352980b25e21274fda5ca245b8c17fe26bd7be9f331ce0b4067282486a821e.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted from: C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\HOW TO DECRYPT FILES.txt
Extracted value: 1KxyZV8hQR2BuMqPrQjvatjqzmwwjpcJEs
Targets
Score: 10/10
Signatures:
- Detected Xorist Ransomware
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- AutoIT Executable (AutoIT scripts compiled to PE executables.)
- Drops file in System32 directory
- Suspicious use of SetThreadContext