General
Target: 99b8962d32d011802dfa8c8aafaf2c1464fa80d9fb107f7fe1abe7005b5af2cf.bin.sample.gz
Size: 173KB
Sample: 221209-j23kkscf87
MD5: 916755125005fc1c26769b7b64f95f7a
SHA1: ac004fd4d3273eca3af2fb472a101d243ae68938
SHA256: 90b23c1d63e4c8653e17a75f0eb2921b5190b6635fa49effe00e06d429f6d7a2
SHA512: 74da91c2f9ab50c57a5ddaec36eaf2517917f24eecdffa4374107c93e4c53dd694f50b435743ec918af6ede3dee7edb0e61ae06ff35abe1cdff5ad77fa510bfe
SSDEEP: 3072:VI18XaYt1UOKaIEvqQLRIJoUGuEv1hpRP86EjWwb4tQSBsF5Ho9/E:VIiKIUNEvqQFISsQnP8jWwgBu5HQ/E
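The General block hashes the submitted archive (the .gz file), while the Targets block further down hashes the decompressed sample, and the archive's file name is the decompressed sample's SHA256. Before trusting a report, an analyst confirms that the file in hand is the one the report describes. The following Python is an added example, not the sandbox's code: it unwraps the gzip archive, computes the four digests the report lists for both layers, and checks the file-name convention. The sample bytes are a constructed stand-in (a fake MZ header plus filler), so the "report" hashes it checks against are computed from that stand-in rather than copied from this page.

```python
"""Verify that a sandbox sample archive matches the hashes a report lists.

Added example (not part of the report).  It assumes the report's layout:
the submitted file is <sha256>.bin.sample.gz, the 'General' hashes are
of that archive, and the 'Targets' hashes are of the decompressed sample.
"""
import gzip
import hashlib
import os
import re

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
NAME_RE = re.compile(r"([0-9a-f]{64})\.bin\.sample\.gz$")


def digest_all(data: bytes) -> dict:
    """Compute every digest the report lists, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def sha256_from_name(filename: str):
    """Return the SHA256 encoded in a '<sha256>.bin.sample.gz' name, or None."""
    m = NAME_RE.search(os.path.basename(filename))
    return m.group(1) if m else None


def verify_sample(filename: str, gz_bytes: bytes, outer: dict, inner: dict) -> list:
    """Compare the archive and its payload against the report's hashes.

    `outer` and `inner` map algorithm names to the expected hex digests
    (any subset of ALGORITHMS).  Returns a list of mismatch descriptions;
    an empty list means the artifact in hand is the one the report describes.
    """
    problems = []
    actual_outer = digest_all(gz_bytes)
    for alg, want in outer.items():
        if actual_outer[alg] != want.lower():
            problems.append(f"outer.{alg}: got {actual_outer[alg]}, report says {want}")
    try:
        payload = gzip.decompress(gz_bytes)
    except (OSError, EOFError) as exc:  # gzip.BadGzipFile is an OSError
        problems.append(f"inner: not a valid gzip stream ({exc})")
        return problems
    actual_inner = digest_all(payload)
    for alg, want in inner.items():
        if actual_inner[alg] != want.lower():
            problems.append(f"inner.{alg}: got {actual_inner[alg]}, report says {want}")
    named = sha256_from_name(filename)
    if named is None:
        problems.append("name: filename does not follow <sha256>.bin.sample.gz")
    elif named != actual_inner["sha256"]:
        problems.append(f"name: filename sha256 {named} != payload sha256 {actual_inner['sha256']}")
    return problems


# Constructed stand-in for a sample: a fake PE header plus filler, gzip-wrapped
# with mtime=0 so the archive bytes (and therefore its hashes) are deterministic.
SAMPLE_PAYLOAD = b"MZ" + b"\x90" * 62 + b"constructed stand-in for sample.exe\n" * 8
SAMPLE_GZ = gzip.compress(SAMPLE_PAYLOAD, mtime=0)
SAMPLE_NAME = hashlib.sha256(SAMPLE_PAYLOAD).hexdigest() + ".bin.sample.gz"
# What a report for this constructed sample would list in General / Targets.
REPORT_OUTER = digest_all(SAMPLE_GZ)
REPORT_INNER = digest_all(SAMPLE_PAYLOAD)


def demo() -> tuple:
    """Return (problems for the genuine archive, problems for a tampered one)."""
    ok = verify_sample(SAMPLE_NAME, SAMPLE_GZ, REPORT_OUTER, REPORT_INNER)
    # One extra byte in the payload changes every digest on both layers.
    tampered = gzip.compress(SAMPLE_PAYLOAD + b"\x00", mtime=0)
    bad = verify_sample(SAMPLE_NAME, tampered, REPORT_OUTER, REPORT_INNER)
    return ok, bad


if __name__ == "__main__":
    ok, bad = demo()
    print("genuine archive:", "OK" if not ok else ok)
    print("tampered archive:", bad)
```

With a real report, fill `outer` from the General block and `inner` from the Targets block; the SSDEEP values are not checked here because the standard library has no ssdeep implementation.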
Behavioral task behavioral1
Sample: sample.exe
Resource: win7-20220901-en

Behavioral task behavioral2
Sample: sample.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted from ransom note C:\$Recycle.Bin\S-1-5-21-4063495947-34355257-727531523-1000\HOW TO DECRYPT FILES.txt:
Bitcoin address: 17pXroP4MruitJzpTa88FAPAGD5q5QAPzb
URL: https://www.bitcoin.com/buy-bitcoin
Targets
Target: sample
Size: 265KB
MD5: edb9ba4dec60f2fbabe50db587ed035b
SHA1: 43ba0dc628d76092dd409a6d21f81e5045ddd24f
SHA256: 99b8962d32d011802dfa8c8aafaf2c1464fa80d9fb107f7fe1abe7005b5af2cf
SHA512: 7931e66b5c7fe59981835623f4fef3228aed943b49f3b44b1ad8831f28e9f8be8b1be82e1564fa33a843352345f95405198ba89c98bc3e62622b3ab081c7ecfc
SSDEEP: 3072:hUQoKIo3zkikzwVNYWGN6ozfnQxct3VCyuVMAAbMIcEWSRgdOdLOfTg:Ryojkia2pGNbZ3EvVxIcEmOdM
Score: 10/10
- Detected Xorist Ransomware
- Drops file in Drivers directory
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
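The signature names above each describe an observable host behaviour. The following Python is an added example, not the sandbox's own detection logic: it encodes the five behavioural signatures as rules over a constructed event list (file writes, renames and registry sets in a made-up dictionary format) and reports which ones fire, with the matching evidence. The paths, the Run-key value name "Updater" and the ".enc" extension are constructed for illustration and are not taken from this sample; the sandbox's real rules and thresholds may differ.

```python
"""Match sandbox behaviour events against the signatures a report lists.

Added example, not the sandbox's detection code.  Event format, paths and
thresholds are constructed; each rule encodes the plain meaning of the
signature name it is keyed under.
"""
import ntpath
import re

RUN_KEY_RE = re.compile(
    r"^(HKLM|HKCU|HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\Software\\(Wow6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Run(Once)?$",
    re.IGNORECASE,
)
STARTUP_RE = re.compile(r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
USER_PROFILE_RE = re.compile(r"^C:\\Users\\[^\\]+\\", re.IGNORECASE)
SYSTEM32 = "c:\\windows\\system32\\"
DRIVERS = SYSTEM32 + "drivers\\"


def _writes_under(events, prefix):
    return [e["path"] for e in events if e["op"] == "file_write" and e["path"].lower().startswith(prefix)]


def drops_in_drivers(events):
    return _writes_under(events, DRIVERS)


def drops_in_system32(events):
    # drivers\ lives under System32\, so a driver drop satisfies this rule too.
    return _writes_under(events, SYSTEM32)


def drops_startup_file(events):
    return [e["path"] for e in events if e["op"] == "file_write" and STARTUP_RE.search(e["path"])]


def adds_run_key(events):
    return [(e["key"], e["name"], e["value"]) for e in events if e["op"] == "reg_set" and RUN_KEY_RE.match(e["key"])]


def modifies_user_file_extensions(events, min_files=3):
    """Renames under a user profile (outside AppData) whose extension changed.

    Several such renames are required so that one legitimate save-as or a
    browser cache rotation does not trip the rule on its own.
    """
    hits = []
    for e in events:
        if e["op"] != "file_rename" or not USER_PROFILE_RE.match(e["src"]):
            continue
        if "\\appdata\\" in e["src"].lower():
            continue
        src_ext = ntpath.splitext(e["src"])[1].lower()
        dst_ext = ntpath.splitext(e["dst"])[1].lower()
        if dst_ext and src_ext != dst_ext:
            hits.append((e["src"], e["dst"]))
    return hits if len(hits) >= min_files else []


SIGNATURES = {
    "Drops file in Drivers directory": drops_in_drivers,
    "Modifies extensions of user files": modifies_user_file_extensions,
    "Drops startup file": drops_startup_file,
    "Adds Run key to start application": adds_run_key,
    "Drops file in System32 directory": drops_in_system32,
}


def evaluate(events):
    """Return {signature name: evidence} for every signature that fired."""
    return {name: hits for name, rule in SIGNATURES.items() if (hits := rule(events))}


# Constructed event log standing in for a sandbox trace; nothing here is
# taken from the sample on this page except the ransom-note path style.
EVENTS = [
    {"op": "file_rename", "src": "C:\\Users\\Admin\\Documents\\report.docx", "dst": "C:\\Users\\Admin\\Documents\\report.docx.enc"},
    {"op": "file_rename", "src": "C:\\Users\\Admin\\Pictures\\photo.jpg", "dst": "C:\\Users\\Admin\\Pictures\\photo.jpg.enc"},
    {"op": "file_rename", "src": "C:\\Users\\Admin\\Desktop\\notes.txt", "dst": "C:\\Users\\Admin\\Desktop\\notes.txt.enc"},
    {"op": "file_rename", "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\cache.tmp", "dst": "C:\\Users\\Admin\\AppData\\Local\\Temp\\cache.dat"},
    {"op": "file_write", "path": "C:\\$Recycle.Bin\\S-1-5-21-4063495947-34355257-727531523-1000\\HOW TO DECRYPT FILES.txt"},
    {"op": "file_write", "path": "C:\\Windows\\System32\\drivers\\dropped.sys"},
    {"op": "file_write", "path": "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\launcher.exe"},
    {"op": "reg_set", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "name": "Updater", "value": "C:\\Users\\Admin\\AppData\\Roaming\\sample.exe"},
]

if __name__ == "__main__":
    for name, evidence in evaluate(EVENTS).items():
        print(f"[+] {name}: {evidence}")
```

The family detection ("Detected Xorist Ransomware") is not modelled; that comes from a content or config match rather than from behaviour. Note that a single write under drivers\ fires both the Drivers and the System32 rules, so the two signatures appearing together does not by itself prove two separate drops.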