General

  • Target

    d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN

  • Size

    366KB

  • Sample

    241019-d565aavcqe

  • MD5

    38d9aeda5745ab2d524d8f29628790f0

  • SHA1

    3d971bbc61c99f5cb5a1c8506be5dfba7fa813e7

  • SHA256

    d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2f

  • SHA512

    7a11d80b36f5213ac7a9ee7ccf50bcc652750e8a3521382ce40304ed2e4cd1cb20b1932070bd9d176b3d6def43ed109ef6af87b28cea33d26f7e463ee1ddf56b

  • SSDEEP

    6144:3/sNJUbPaYnJ3deKx5kkdsg8jJa/R9QwA0rM7WqMkCGbRQ:3oJU2YJAKxznQl4MpbG

Malware Config

Targets

    • Target

      d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN

    • Size

      366KB

    • MD5

      38d9aeda5745ab2d524d8f29628790f0

    • SHA1

      3d971bbc61c99f5cb5a1c8506be5dfba7fa813e7

    • SHA256

      d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2f

    • SHA512

      7a11d80b36f5213ac7a9ee7ccf50bcc652750e8a3521382ce40304ed2e4cd1cb20b1932070bd9d176b3d6def43ed109ef6af87b28cea33d26f7e463ee1ddf56b

    • SSDEEP

      6144:3/sNJUbPaYnJ3deKx5kkdsg8jJa/R9QwA0rM7WqMkCGbRQ:3oJU2YJAKxznQl4MpbG

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware first seen in 2020.

    • Renames multiple (2181) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks