General

  • Target

    ef76093be4e89ad81c574682b95a5ff063b4e2862b4d37ec771a1407a939cdb3

  • Size

    7KB

  • Sample

    221203-wttc6agf8x

  • MD5

    96a177658393f78ba503ab1d1275b33e

  • SHA1

    14eb079b30c83f892f6207a87b2e864e26b7be8c

  • SHA256

    ef76093be4e89ad81c574682b95a5ff063b4e2862b4d37ec771a1407a939cdb3

  • SHA512

    8e7d6355b5672948e7fb5edc410b5dec951e9e4a9231036e82fe2df1cc3f240c22587da9a0a3b539068ce4d61fc7816889ff2534913b665c35243d1a73e79a8f

  • SSDEEP

    96:lQdZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExwshxjnMMUA:Qzdrr1FG1WDCgmjPZwoxjMMUA

Targets

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware family first seen in 2020.

    • Drops file in Drivers directory

    • Modifies extensions of user files

      Ransomware generally changes the file extension of the files it encrypts.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials among other data.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6