General
Target: FW-APGKSDTPX4HOAUJJMBVDNXPOHZ.PDF.bat
Size: 917B
Sample: 230102-larecadg78
MD5: b24fdc872260f29a59e4b8d64951178f
SHA1: 6737ddd082d82734350b1ea027b831b9d1a40cca
SHA256: d538905616374227d085054f88dad318d0580232f5fc3be46cb7d97276a58525
SHA512: 26df85b2c8d044d277773c4b22db778022dd9c36ab1d9caae1a34643e246553a85c3f180ad7c2b747ccb9d23947081ed45a8d8220aa3d027e79150ba8069f39f
Static task: static1
Behavioral task: behavioral1
  Sample: FW-APGKSDTPX4HOAUJJMBVDNXPOHZ.PDF.bat
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: FW-APGKSDTPX4HOAUJJMBVDNXPOHZ.PDF.bat
  Resource: win10v2004-20221111-en
Malware Config
Extracted from: C:\$Recycle.Bin\S-1-5-21-3845472200-3839195424-595303356-1000\HOW TO DECRYPT FILES.txt
URLs referenced in the ransom note:
  https://coinatmradar.com/
  https://www.localbitcoins.com/
Targets
Target: FW-APGKSDTPX4HOAUJJMBVDNXPOHZ.PDF.bat (917B; same sample and hashes as listed under General)
Score: 10/10
Signatures:
- Detected Xorist Ransomware
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Deletes itself
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory