General
-
Target
9225250369.zip
-
Size
131KB
-
Sample
230221-n2jjxsge8s
-
MD5
7c68b6a3494c0f2d1197d8bb5d787494
-
SHA1
15292934b45b68f367e3a868fb71a7fa2d8a77b9
-
SHA256
2d98dd0d3b2a13e5143bdb5ba552fe6e57d624277016cff98a9becb45ad880f0
-
SHA512
5179a0ad151fe788236a24a5ae17573105a04af45fdab094b244b2873138f555e39419d1d125824f2b57eb8b08e1e1b91ad1e5110813bafb2988736df784eac7
-
SSDEEP
3072:2qeJBdwyzz6YYTlrSeWVFyJ4e89++aCGDAbwXpb//i:XmCg5ml2nFyJ4ek++alDAbSb//i
Malware Config
Targets
-
-
Target
1c7853d1b2fe491c0176a205cde3530d35fc933a3e55ae8e68a595dfc127b7b6
-
Size
238KB
-
MD5
70614578f63f24345f7794d5e022b986
-
SHA1
e0e2ae538c23c5709d9d81b0280d2f7337e6f87d
-
SHA256
1c7853d1b2fe491c0176a205cde3530d35fc933a3e55ae8e68a595dfc127b7b6
-
SHA512
cdf0bd590eca7e46a11a6c21bac375e57b9b865e42b99e3445404b71623f9719ace0d881a12f1064b1355d5aec41926910cb9cf3644b24ea3aedb5d32b00d82f
-
SSDEEP
3072:sr85CDvxwgHX+MB7+4TFs/ahEFA02I4T8uUQ1jSqcOj/UxNyN5c:k9DvygDBa4yFTprO1Tc0cY+
Score10/10-
Detect Neshta payload
-
Detected Xorist Ransomware
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Drops file in Drivers directory
-
Modifies Installed Components in the registry
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-