xorist | f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9

General

Target

f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9
Size

5.1MB
Sample

230730-jvfr8sgf35
MD5

b41e4136edba950ee7d0a2a338d18d20
SHA1

637b5649d08e92bf809a707b0f4ec2c40d074126
SHA256

f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9
SHA512

2145c236f5b47d20ebc9ad34c6e97ebd1857bbc33b3bc3de65c1556883f3c18ff129cfe5244fa15d2733f72243edee8e4c50da60496eb930e0d80605789c8700
SSDEEP

98304:m37k/NEnIyzZiW8DI/Pzw744D0QOIk+6JuI3l0Rdb0ms:wM+nIyz0Izw7P/OeI3Oq

Score

10^/10

Malware Config

Targets

- Target
  
  f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9
- Size
  
  5.1MB
- MD5
  
  b41e4136edba950ee7d0a2a338d18d20
- SHA1
  
  637b5649d08e92bf809a707b0f4ec2c40d074126
- SHA256
  
  f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9
- SHA512
  
  2145c236f5b47d20ebc9ad34c6e97ebd1857bbc33b3bc3de65c1556883f3c18ff129cfe5244fa15d2733f72243edee8e4c50da60496eb930e0d80605789c8700
- SSDEEP
  
  98304:m37k/NEnIyzZiW8DI/Pzw744D0QOIk+6JuI3l0Rdb0ms:wM+nIyz0Izw7P/OeI3Oq
Score

10^/10

xorist ransomware spyware stealer
- Detected Xorist Ransomware
- Xorist Ransomware
  Xorist is a ransomware first seen in 2020.
  ransomware xorist
- Renames multiple (2153) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Renames multiple (2167) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops file in Drivers directory
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detected Xorist Ransomware

Xorist Ransomware

Renames multiple (2153) files with added filename extension

Renames multiple (2167) files with added filename extension

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2