Extracted

• • Target

    b2447bb9ef759c890d75e31eb07f0553065d74403f654c9757635b02f1b753be

  • Size

    194KB

  • MD5

    38861549ebf043bc397f47726943a067

  • SHA1

    bba10fb61d0dbeb6d99e779d6b452fa0d4fe09a3

  • SHA256

    b2447bb9ef759c890d75e31eb07f0553065d74403f654c9757635b02f1b753be

  • SHA512

    30d3c812d28ef4d0b23ebcb27a17b48ffc6d8ae16d52ef188f2336956252fc4ec85773c80e8ffa34047952badb1977a6e0ac297d6694343fead66287233b9006

  • SSDEEP

    3072:DUQjXKWZCnEGsA2SgRxwgHX+MB7+4TFo/ahEFAI2I4z4:vjaWZY4VRygDBa4qFzpP

  Score

  10^/10

  xoristpersistenceransomwarespywarestealerupx

  • Detected Xorist Ransomware

  • Xorist Ransomware

    Xorist is a ransomware first seen in 2020.

    ransomwarexorist

  • Drops file in Drivers directory

  • Modifies Installed Components in the registry

    persistence

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  behavioral1behavioral2