General
Target: b0b66961ae1c42587da3c0d58073cb6d6e265ca1b8006d7582bf49720083dab8
Size: 42KB
Sample: 221129-djfefadc81
MD5: ae52ae883b02a0c96aff6ebd68203589
SHA1: f7d44b9fc385ff312e283e6259194da112024ed5
SHA256: b0b66961ae1c42587da3c0d58073cb6d6e265ca1b8006d7582bf49720083dab8
SHA512: 0f66b5a8191cb35316e20a61b38afe777c13f686e4a0d5382b8efafb0597d4051de7ef07bdd1d5b502a98427c77d1a5eddfccb35a6f86076c456a871872c2c86
SSDEEP: 768:XDPB88ZMN37olhmTsr3i5VQ6zPYovmqNp34H4:Xd88ZEOxwPnmw4H4
Static task: static1
Behavioral task: behavioral1
Sample: b0b66961ae1c42587da3c0d58073cb6d6e265ca1b8006d7582bf49720083dab8.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: b0b66961ae1c42587da3c0d58073cb6d6e265ca1b8006d7582bf49720083dab8.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: b0b66961ae1c42587da3c0d58073cb6d6e265ca1b8006d7582bf49720083dab8
Size: 42KB
MD5: ae52ae883b02a0c96aff6ebd68203589
SHA1: f7d44b9fc385ff312e283e6259194da112024ed5
SHA256: b0b66961ae1c42587da3c0d58073cb6d6e265ca1b8006d7582bf49720083dab8
SHA512: 0f66b5a8191cb35316e20a61b38afe777c13f686e4a0d5382b8efafb0597d4051de7ef07bdd1d5b502a98427c77d1a5eddfccb35a6f86076c456a871872c2c86
SSDEEP: 768:XDPB88ZMN37olhmTsr3i5VQ6zPYovmqNp34H4:Xd88ZEOxwPnmw4H4
- Detected Xorist Ransomware
- Executes dropped EXE
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.