Resubmissions

16-06-2024 07:24

240616-h8wvyavbrc 10

10-06-2024 13:34

240610-qvh1xsxelb 10

General

  • Target

    VirusShare_0d20e6aa3159f6835ce0756d8f710929

  • Size

    7KB

  • Sample

    240610-qvh1xsxelb

  • MD5

    0d20e6aa3159f6835ce0756d8f710929

  • SHA1

    dde70ab8312fcc9bb90bc45ac5ae13484f4bc45d

  • SHA256

    e297ed65badde263439d03895d0443247024614c15b014c3e83b0c2ec02a1beb

  • SHA512

    a1033b7c55205bfc52f8ac8f3ba6ef404992d532d1f70cb9b914fd68cce8eb0050da51fe7631ceb2d29e995f3436380a165e21085de02459b741405279a77f73

  • SSDEEP

    96:8RZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExxSIqjld9RhxLpHpMUA:qzdrr1FG1WDCgmjPZxSLJjxLpHpMUA

Malware Config

Targets

    • Target

      VirusShare_0d20e6aa3159f6835ce0756d8f710929

    • Size

      7KB

    • MD5

      0d20e6aa3159f6835ce0756d8f710929

    • SHA1

      dde70ab8312fcc9bb90bc45ac5ae13484f4bc45d

    • SHA256

      e297ed65badde263439d03895d0443247024614c15b014c3e83b0c2ec02a1beb

    • SHA512

      a1033b7c55205bfc52f8ac8f3ba6ef404992d532d1f70cb9b914fd68cce8eb0050da51fe7631ceb2d29e995f3436380a165e21085de02459b741405279a77f73

    • SSDEEP

      96:8RZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExxSIqjld9RhxLpHpMUA:qzdrr1FG1WDCgmjPZxSLJjxLpHpMUA

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware family, generated with a builder that lets the operator choose the encrypted-file extension and ransom note, and has been in circulation since the early 2010s.

    • Renames multiple (5858) files with added filename extension

      Appending the same new extension to thousands of files in one run is characteristic of ransomware encrypting the files on the system.

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can make an unsigned or tampered binary appear validly signed by redirecting the registry entries that tell Windows which DLL export performs Authenticode verification (the Subject Interface Package and trust-provider keys) to code of their own.

    • Sets file execution options in registry

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory
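
As an added example (not the sandbox's or this page's own code), the Python below re-implements four of the listed behavioural signatures over a constructed event stream: the mass rename with an appended extension, the Run key, the Image File Execution Options write, and the SIP/trust-provider registry writes behind "Manipulates Digital Signatures". The event model, the rename threshold, the ".locked" stand-in extension and every path in the sample stream are assumptions made for the example; the page does not publish the sandbox's thresholds or this sample's extension.

```python
import re
from collections import Counter
from dataclasses import dataclass


# Hypothetical event model: a flattened stream of file-rename and registry-set
# events, as a sandbox would record them. Not the sandbox's own format.
@dataclass(frozen=True)
class Event:
    kind: str          # "rename" or "regset"
    src: str = ""      # rename: original path
    dst: str = ""      # rename: new path
    key: str = ""      # regset: full key path
    value: str = ""    # regset: value name
    data: str = ""     # regset: data written


# Assumed threshold; the page reports a count (5858) but not the trigger level.
RENAME_THRESHOLD = 20


def added_extension(src: str, dst: str):
    """Return the suffix appended to src if dst == src + '.<ext>', else None."""
    if not dst.lower().startswith(src.lower()) or len(dst) <= len(src):
        return None
    extra = dst[len(src):]
    # exactly one new extension and no directory change
    if extra.startswith(".") and "." not in extra[1:] and "\\" not in extra:
        return extra.lower()
    return None


def mass_rename(events, threshold=RENAME_THRESHOLD):
    """'Renames multiple files with added filename extension': count renames that
    only append a suffix, grouped by that suffix, and return those at or above
    threshold. Ordinary software renames files, but rarely by appending the same
    new extension to hundreds of them."""
    counts = Counter()
    for e in events:
        if e.kind == "rename":
            ext = added_extension(e.src, e.dst)
            if ext:
                counts[ext] += 1
    return {ext: n for ext, n in counts.items() if n >= threshold}


# Registry locations behind three of the listed signatures. The SIP entry is
# why 'Manipulates Digital Signatures' matters: Authenticode verification is
# dispatched through the DLL/export named there, so pointing it at attacker
# code makes any binary verify as valid.
REG_RULES = [
    ("Adds Run key to start application",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I), None),
    ("Sets file execution options in registry",
     re.compile(r"\\Image File Execution Options\\[^\\]+$", re.I), "debugger"),
    ("Manipulates Digital Signatures",
     re.compile(r"\\Cryptography\\(OID\\EncodingType 0\\CryptSIPDll\w+"
                r"|Providers\\Trust\\\w+)\\\{[0-9A-Fa-f-]+\}$", re.I), "dll"),
]


def registry_signatures(events):
    """Return (signature name, key, data) for every registry write that hits a
    rule; a value-name filter of None accepts any value under that key."""
    hits = []
    for e in events:
        if e.kind != "regset":
            continue
        for name, pattern, value in REG_RULES:
            if pattern.search(e.key) and (value is None or e.value.lower() == value):
                hits.append((name, e.key, e.data))
    return hits


# Constructed sample stream: 25 documents get ".locked" appended (a stand-in,
# not this sample's extension), two ordinary renames, and four registry writes
# of which three are suspicious. All paths are made up for the example.
PE_SIP_GUID = "{C689AAB8-8E78-11D0-8C47-00C04FC295EE}"  # SIP for PE files
SAMPLE_EVENTS = [
    Event("rename", src=f"C:\\Users\\u\\Documents\\doc{i}.docx",
          dst=f"C:\\Users\\u\\Documents\\doc{i}.docx.locked") for i in range(25)
] + [
    Event("rename", src="C:\\Users\\u\\~tmp1.tmp", dst="C:\\Users\\u\\report.docx"),
    Event("rename", src="C:\\Users\\u\\a.txt", dst="C:\\Users\\u\\b.txt"),
    Event("regset", key="HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
          value="updater", data="C:\\ProgramData\\svc.exe"),
    Event("regset", key="HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"
                        "\\Image File Execution Options\\taskmgr.exe",
          value="Debugger", data="C:\\ProgramData\\svc.exe"),
    Event("regset", key="HKLM\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0"
                        "\\CryptSIPDllVerifyIndirectData\\" + PE_SIP_GUID,
          value="Dll", data="C:\\ProgramData\\sip.dll"),
    Event("regset", key="HKCU\\Software\\Microsoft\\Windows\\CurrentVersion"
                        "\\Explorer\\Advanced", value="Hidden", data="1"),
]


def analyse(events=SAMPLE_EVENTS):
    """Run both detectors and return their findings in one dictionary."""
    return {"mass_rename": mass_rename(events),
            "registry": registry_signatures(events)}


if __name__ == "__main__":
    for name, finding in analyse().items():
        print(name, finding)
```

The rename rule keys on the appended suffix rather than on the file count alone, which is what separates an encryptor from a bulk-rename utility; the registry rules deliberately match on key path and value name only, so a benign Explorer setting under the same hive is not reported.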

MITRE ATT&CK Enterprise v15

Tasks