General
Target: XorEncrypt.exe
Size: 3.1MB
Sample: 241112-pv4f7asgrg
MD5: 92ffd2386f0d90f07e12f74ed815d219
SHA1: 161df5d3809b21bcee3c633c9b0cb35f7db046ab
SHA256: f1f72dc070609ea57ed4e3e07fab2de6770f9bcae6b85ec395184f9fe2cb2cb7
SHA512: e245c920f563fb0a59da61ba4d9d50d62b6628b9f4307cc046cb17498b3883b607296649d97c1e74ec01b4a4a3196f78894cc025b54847973cb2dfea2ca62763
SSDEEP: 49152:yQe1or7i33p0rb/TNvO90d7HjmAFd4A64nsfJm++4MKtgynxVT+l9yxm2z1AmW00:bq3prE1g3ezAHco7Y
Static task: static1
Behavioral task: behavioral1
Sample: XorEncrypt.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: XorEncrypt.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: XorEncrypt.exe
Size: 3.1MB
- Clears Windows event logs
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
- Deletes itself
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (2)
- Credentials from Web Browsers (1)
- Windows Credential Manager (1)
- Unsecured Credentials (1)
- Credentials In Files (1)