Extracted

• • Target

    307a61c288932ffeb7a25d667cf2911266c5379acfab20aa9a52c1aa1148d59b.bin.sample

  • Size

    14KB

  • MD5

    4a42f739ce694db7b3cdd3c233ce7fb1

  • SHA1

    68fcc99e719b57308c9b1b3d4eef91dec62d02e5

  • SHA256

    307a61c288932ffeb7a25d667cf2911266c5379acfab20aa9a52c1aa1148d59b

  • SHA512

    15137fdc43519be2e83346d7a07c84d439e4da22e328722cb3da6bf1bcfbf584b2594901582ddf6ea363ae515e37cb1f32c407a8ebfe747a13562de927f92f54

  • SSDEEP

    384:0prr1gkDCgSZ75pbB7E68AvXIHqe939g83FMENKsB:arVDCp/h8QIOwiO

  Score

  10^/10

  xoristpersistenceransomwarespywarestealerupx

  • Detected Xorist Ransomware

  • Xorist Ransomware

    Xorist is a ransomware first seen in 2020.

    ransomwarexorist

  • Drops file in Drivers directory

  • Modifies Installed Components in the registry

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory

  behavioral1behavioral2