xorist | 9207564703[.]zip | Triage

Sharing

General

Target

9207564703.zip
Size

91KB
MD5

8a17c0c50660056bce6a0292d302ebbe
SHA1

57a42db01fd1ad220012f3bcb824181b1b275ce6
SHA256

b228112ad5e00b19feb03dfebf42006e529496d4f2795d078ab97b4009e804a9
SHA512

4671d339fd27c2a37a8e5e9f46e7101e18f695de66c5a8b5d1d017564e0e38ae2603334467398a3f95737e8733f8417300f07da306dc2385355980d61c14a273
SSDEEP

1536:mgELMGLrGBqoBZw3SIxu17trKXJKoXQDLfKrSQq38tNB3fKzU36AoWPx9a:ZEQGLrGtuSIs17hKXrAKGQZbBvKzUqGq

Score

10^/10

xorist

Malware Config

Signatures

Detected Xorist Ransomware 1 IoCs

resource	yara_rule
static1/unpack001/1e5ea7dca626a9774d1ccecfaf7656988e4a09c4203c022f547a2d6b5210edc8	family_xorist

Xorist family
xorist

Files

9207564703.zip
.zip

Password: infected
1e5ea7dca626a9774d1ccecfaf7656988e4a09c4203c022f547a2d6b5210edc8
.exe windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE