General

  • Target

    e9fa54419d9b5b5938d52002f43e3fd06087a02be7f068304e044e1eefda84b0

  • Size

    26KB

  • Sample

    221129-xywjragg32

  • MD5

    69cf0d9cc7110102811dc6fb8176f1e3

  • SHA1

    a4aa1c048bf70cdb7eeb9be436624f596491acf1

  • SHA256

    e9fa54419d9b5b5938d52002f43e3fd06087a02be7f068304e044e1eefda84b0

  • SHA512

    11126a601fec9fc2bbd82c581c6394d7680ae0fcfbf6440163e4883c8ee8358cb0eb366a3e852ae1f515b382c5c994614cc8f83967a82034f2ebffc7fcb906c4

  • SSDEEP

    768:g9rVDCxIf0dkPSQNrsFrX1tiq1UTJh5L3A:g9r4xo0dkqcCtCTJhJ

Malware Config

Targets

    • Target

      e9fa54419d9b5b5938d52002f43e3fd06087a02be7f068304e044e1eefda84b0

    • Size

      26KB

    • MD5

      69cf0d9cc7110102811dc6fb8176f1e3

    • SHA1

      a4aa1c048bf70cdb7eeb9be436624f596491acf1

    • SHA256

      e9fa54419d9b5b5938d52002f43e3fd06087a02be7f068304e044e1eefda84b0

    • SHA512

      11126a601fec9fc2bbd82c581c6394d7680ae0fcfbf6440163e4883c8ee8358cb0eb366a3e852ae1f515b382c5c994614cc8f83967a82034f2ebffc7fcb906c4

    • SSDEEP

      768:g9rVDCxIf0dkPSQNrsFrX1tiq1UTJh5L3A:g9r4xo0dkqcCtCTJhJ

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware first seen in 2020.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks