General

  • Target

    RNSM00408.7z

  • Size

    30.3MB

  • Sample

    241028-ytp2vawdke

  • MD5

    487d488a75593b71d0fc2b45a1f7d730

  • SHA1

    fa9519a8b9f19146202340447fe8a4575dec4677

  • SHA256

    d7db27fbc0721000c168e3bf726bb9bd7f10c18c7ed49d3618e6b31e50191ac9

  • SHA512

    e0147341d939b6f108da49322017faf10b621cdf190b7ba1d2a986aace5caed931cf8617b29415c46af47e755654b54ce88bb84edd22f086d21095f169a280d9

  • SSDEEP

    786432:LK/D9g7EtZFDeJQZWIaFA4W2LKU12ZOGuTmvWBeOtMbXQ/:GBDtZEZFzV9NuWg4MbXi

Malware Config

Targets

    • Target

      RNSM00408.7z

    • Detected Xorist Ransomware

    • GandCrab payload

    • Gandcrab

      GandCrab is a ransomware-as-a-service family, active from early 2018 until its operators announced a shutdown in mid-2019, that encrypts the victim's files and demands payment for the decryption key.

    • Gandcrab family

    • Xorist Ransomware

      Xorist is a ransomware family produced by a widely shared builder; it has circulated since at least 2011, and many of its variants are decryptable with publicly available tools.

    • Xorist family

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
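
The three packer signatures above (ASPack, Themida, UPX) are in practice usually triggered by the section names the packer stub leaves in the PE header. The following is an added example, not the sandbox's own rule set: it parses the COFF and section headers of a PE image and reports which packer the section names suggest. The name table is an assumption-level heuristic (UPX0/UPX1/UPX2 for UPX, .aspack/.adata for ASPack, .themida/.winlice for Themida); the `build_pe` helper fabricates a minimal, non-executable PE purely as constructed test input.

```python
import struct

# Heuristic section names left by the packers the report flags.
# Assumption: these are common defaults; a repacked or renamed stub will evade them.
PACKER_SECTION_NAMES = {
    "UPX": {b"UPX0", b"UPX1", b"UPX2"},
    "ASPack": {b".aspack", b".adata"},
    "Themida": {b".themida", b"Themida", b".winlice"},
}

COFF_HEADER_LEN = 24      # "PE\0\0" signature + 20-byte COFF file header
SECTION_HEADER_LEN = 40   # IMAGE_SECTION_HEADER


def section_names(data: bytes) -> list:
    """Return the section names of a PE image, raising ValueError on malformed input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine(2) NumberOfSections(2) ... SizeOfOptionalHeader(2) at +20
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    sec_off = e_lfanew + COFF_HEADER_LEN + opt_size
    if sec_off + nsec * SECTION_HEADER_LEN > len(data):
        raise ValueError("section table truncated")
    names = []
    for i in range(nsec):
        raw = data[sec_off + i * SECTION_HEADER_LEN: sec_off + i * SECTION_HEADER_LEN + 8]
        names.append(raw.rstrip(b"\0"))
    return names


def detect_packers(data: bytes) -> list:
    """Return the sorted list of packer names whose section names appear in the image."""
    present = set(section_names(data))
    return sorted(p for p, names in PACKER_SECTION_NAMES.items() if present & names)


def build_pe(names, machine=0x14C) -> bytes:
    """Constructed test input: a minimal PE32 header carrying the given section names.
    It contains no code and is not loadable; only the headers are populated."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew -> PE header follows DOS header
    opt_size = 0xE0                                     # PE32 optional header size
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", machine, len(names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic
    sections = b""
    for i, name in enumerate(names):
        sections += struct.pack(
            "<8sIIIIIIHHI", name.ljust(8, b"\0"),
            0x1000, 0x1000 * (i + 1),                   # VirtualSize, VirtualAddress
            0x200, 0x400 * (i + 1),                     # SizeOfRawData, PointerToRawData
            0, 0, 0, 0, 0x60000020)                     # relocs/linenums, Characteristics
    return bytes(dos) + coff + bytes(opt) + sections


if __name__ == "__main__":
    for label, names in (("upx-like", [b"UPX0", b"UPX1", b".rsrc"]),
                         ("aspack-like", [b".text", b".aspack", b".adata"]),
                         ("plain", [b".text", b".data"])):
        print(label, detect_packers(build_pe(names)))
```

Treat a hit as a triage hint only: packers are routinely modified to rename sections, so a negative result says nothing, and a positive one should be confirmed by the entropy of the named sections and by unpacking in a sandbox before any family attribution is made.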

MITRE ATT&CK Enterprise v15

Tasks