Overview

overview

10

Static

static

10

56f02c1295...17.exe

windows7-x64

10

56f02c1295...17.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9207514463.zip

  • Size

    79KB

  • Sample

    230221-n2fs2age7y

  • MD5

    80d330fd5fe1eb4229a0c0505cbad070

  • SHA1

    872a0059726d7354d0197ba209733e195b16623b

  • SHA256

    0f4bead1078d0165109355d520b28692173ebb6c23a1ee4b36d44a500e28c91a

  • SHA512

    66d2aa22d0d579d3a8d313fac0066b672a38867bbe5332c4a4920d18502ba769e9b62a5a4cea965c4d2f5d7ffc424430f63169547383bb32763708e50e4bbc3b

  • SSDEEP

    1536:hYBMJzKp9GrAGFHNm+xa0XOYxM9Rnkm/C9niotBuHxEHnBO1BQGYJs2:GUybGNl12Cnz78iHBOYGJ2

Score
10/10
xoristpersistenceransomwarespywarestealerupx

Malware Config

Targets

    • Target

      56f02c129554ebdb58371c23b105b2f1325692e6b9896947dba74e35b422c317

    • Size

      194KB

    • MD5

      9c06e125a593592d35ffd77d51abeffd

    • SHA1

      69cd7ebf6a8758c7fe05a122ebc1fa6a4c7d72bf

    • SHA256

      56f02c129554ebdb58371c23b105b2f1325692e6b9896947dba74e35b422c317

    • SHA512

      2891c41012f1a42117c18ca16dcd96671e303332ae96237d62659ea49466ee36a7cb8dcfcc90d89b78b36d36574a475dec45324b245e4f22045dddb0f6b06892

    • SSDEEP

      3072:MUQuZcr0ZVJqwvaPYzZ6jMieyOksVnqZ2YjKyWPxWr509IAYYRIeboQ3hVoXZKqX:ox0Zzqwiwzo6ZWr5k1b/3hVCD47+5

    Score
    10/10
    xoristpersistenceransomwarespywarestealerupx

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware first seen in 2020.

      ransomwarexorist

    • Modifies Installed Components in the registry

      persistence

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks