General

  • Target

    e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N

  • Size

    39KB

  • Sample

    241021-1114sszaqh

  • MD5

    5d8c6e9022da9cdde7c83e500bc09660

  • SHA1

    fc8679bea044346912f09ff17ded0caf53af9b07

  • SHA256

    e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392

  • SHA512

    373ca7cbcb63d1cd4bf33be6c524a8104781a714aaa0d50991cabfe746143ca18f355a592f681128ffb829fe82d7f5e3f4d2d5e956a520f2d4b9a7645f37e4ed

  • SSDEEP

    384:HebFNw4Pk1itKkpAjjalraxkqYvjSXkDCgSZWQbxpwMB:H0FmBkpKj1xnY7fDCpHxpF

Malware Config

Targets

    • Target

      e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392N

    • Size

      39KB

    • MD5

      5d8c6e9022da9cdde7c83e500bc09660

    • SHA1

      fc8679bea044346912f09ff17ded0caf53af9b07

    • SHA256

      e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392

    • SHA512

      373ca7cbcb63d1cd4bf33be6c524a8104781a714aaa0d50991cabfe746143ca18f355a592f681128ffb829fe82d7f5e3f4d2d5e956a520f2d4b9a7645f37e4ed

    • SSDEEP

      384:HebFNw4Pk1itKkpAjjalraxkqYvjSXkDCgSZWQbxpwMB:H0FmBkpKj1xnY7fDCpHxpF

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware first seen in 2020.

    • Renames multiple (2204) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks