xorist | fd84148426c6188c0bdec2e66d1f4fda9392342adb0c225d64aaacce24ce8653

Sharing

Copy URL

Twitter E-mail

General

Target

Batch_8.zip
Size

5.3MB
Sample

241122-d3hnxazlbn
MD5

a08902a38452cd5ce655ba54040c5833
SHA1

b94c8f6b0be6f2e8f003c9cfde9d8857d752cb2b
SHA256

fd84148426c6188c0bdec2e66d1f4fda9392342adb0c225d64aaacce24ce8653
SHA512

990a022b6ae18b72daca14bc1c0eee95f1e89e366fc62b9b4824e4cd63f261837a56461439fce9b5a6a6aaec03912595d36f1dadeea5661a4cb6a050d40fb12a
SSDEEP

98304:F6DMk1Jj0MM/64iXHiO1/ghHDwkLP1tfd4HLMXaWPNEa82i2noWmELP7lQw4oJ7:FWHnM/6l5QDbPrV4HORnoGCw4oJ7

Score

10^/10

Malware Config

Targets

- Target
  
  FD4DC9B2BFF8D75A704E8FE33C63DA4B.exe
- Size
  
  214KB
- MD5
  
  fd4dc9b2bff8d75a704e8fe33c63da4b
- SHA1
  
  d45d764fad516464ae784ed61a71e234b10dba42
- SHA256
  
  9ed8b4e2db6d4feb162a0b1109ba4ca92065bd7d1256b6d234e9840dd36ef581
- SHA512
  
  732a7e209e493e18ae421bc28415389433d1827e4334c40671d354067d280a18a686cc83d9538bd331f66011b8149570b40664061485cfab7b592b7f9e82bdcb
- SSDEEP
  
  3072:F51M+lmsolAIrRuw+mqv9j1MWLQllg6CM+lmsolAIrRuw+mqv9j1MWLQlL:Fg+lDAAaD+lDAAmL
Score

1^/10
behavioral1
- Target
  
  Flyper.exe
- Size
  
  214KB
- MD5
  
  7b75b33bcf4ecf013b93f84ed98b3fb5
- SHA1
  
  7be5f5dcf6b9519c0f8c8071503b7f5dd66b6386
- SHA256
  
  74aa7b73b46d7bd7bc53cb44add9ec8172f2de7831d045e33db06e2d6b916edf
- SHA512
  
  96e1253358db1f724b381f9e1e416cc35bf44d94505e8b86508676f997b44be65d3c33c22df9c004652a34170e48805f9b7ba6f2703dd287e8c770cb426c5114
- SSDEEP
  
  3072:5W1M+lmsolAIrRuw+mqv9j1MWLQFPBCM+lmsolAIrRuw+mqv9j1MWLQlL:5J+lDAAIv+lDAAmL
Score

1^/10
behavioral2
- Target
  
  Flyper2.exe
- Size
  
  214KB
- MD5
  
  d02d012970aa164cad15c757d7e52994
- SHA1
  
  25eef16797a7cf4168938f9d372332d65356b6f7
- SHA256
  
  eba685abd63d2c7378f788aa5ca8e4f95f4b82b51347cb8818090ef54e8f7d29
- SHA512
  
  640545996e924b5f759ba69f970686e67defc9142a195fb6774dd275e22961fd9b21328b119d42b4032f1cf4eb6363ccce64bf6f423d2bf3ddc1d8d5b1f524ee
- SSDEEP
  
  3072:BM+lmsolAIrRuw+mqv9j1MWLQ6xZ4qM+lmsolAIrRuw+mqv9j1MWLQlL:6+lDAArx2+lDAAmL
Score

1^/10
behavioral3
- Target
  
  Flyper3.exe
- Size
  
  214KB
- MD5
  
  fd4dc9b2bff8d75a704e8fe33c63da4b
- SHA1
  
  d45d764fad516464ae784ed61a71e234b10dba42
- SHA256
  
  9ed8b4e2db6d4feb162a0b1109ba4ca92065bd7d1256b6d234e9840dd36ef581
- SHA512
  
  732a7e209e493e18ae421bc28415389433d1827e4334c40671d354067d280a18a686cc83d9538bd331f66011b8149570b40664061485cfab7b592b7f9e82bdcb
- SSDEEP
  
  3072:F51M+lmsolAIrRuw+mqv9j1MWLQllg6CM+lmsolAIrRuw+mqv9j1MWLQlL:Fg+lDAAaD+lDAAmL
Score

1^/10
behavioral4
- Target
  
  Free YouTube Downloader.exe
- Size
  
  153KB
- MD5
  
  f33a4e991a11baf336a2324f700d874d
- SHA1
  
  9da1891a164f2fc0a88d0de1ba397585b455b0f4
- SHA256
  
  a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7
- SHA512
  
  edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20
- SSDEEP
  
  3072:PkFkkk2kyWxkFkkk2kyWD4zC270lkFkkk2kyW:PkFkkk2kyWxkFkkk2kyWDwOkFkkk2kyW
Score

3^/10
behavioral5
- Target
  
  FreeYoutubeDownloader11012016.exe
- Size
  
  376KB
- MD5
  
  8731c5b9c6b632517b757219113dd853
- SHA1
  
  732c867995bcf67eb6f0e21f3c76e5428ceb8a71
- SHA256
  
  1e307799a25403c465d634854a10ee9329aef33a06ec41538264f8ec6695b8c7
- SHA512
  
  25350e182d17d5d568287ef9bf173823d4fc4e3d90aff13d2108ee99fd9ccdf5c8b13bff5353ced1b61a91942b0ebdc42ec770bc9fe9f9102d877d2fa5760aff
- SSDEEP
  
  6144:m/QiQXk4oL8+Ee0CYDTAsdR9H8RMDgxqvUUl49EcATvx04/o7+ze4S62T3hG47no:eQi94oL8+iDNdRNUkg0UUl42cATvxsZe
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral6
- Target
  
  file (1).exe
- Size
  
  136KB
- MD5
  
  0b37809ae839d24f5a54c3a16f5b4f35
- SHA1
  
  d3091cee95575a53ce93b886469924f2603efbdc
- SHA256
  
  2902a063774a2092d85dfca18650b87fdc087a337add8012e67ea7cdd5debcc2
- SHA512
  
  0a9267efc5c0fc25d812f52ff95bd20bae31a12e78fe1ecf07a6d5a993f2a71a66180ae826b3097982b78c221a7f8313c45403042e54a7247a50e7c3ce984895
- SSDEEP
  
  3072:4PTKQFRiVdubWibOQNi3MWL4FksNYFfPK:4PFRwAbpi3MDEK
Score

10^/10

defense_evasion discovery evasion persistence trojan
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral7
- Target
  
  file (2).exe
- Size
  
  100KB
- MD5
  
  947740d3bc01db29b14d1752e20775c7
- SHA1
  
  408847d6c160f4ad377a1844f88bba43ca470f82
- SHA256
  
  cd7843ba1ae94328aeecfe27eff4fc3e449f297116760a37ebb72a13525e0638
- SHA512
  
  dde21adca681cb489ac12412d41ba6ad9bd997f5ccc4f0307630373ea6c68d67596105c38446958ff0d5276159fa9e45d8e566b79f1c41ede2b7c010bab3b1c0
- SSDEEP
  
  3072:UvE3ZxbErzsP2igyL5iolnJ3F+sNYFfP:UE0rzsPLQmNE
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
behavioral8
- Target
  
  file (3).exe
- Size
  
  146KB
- MD5
  
  f26c45393af03e80a40ea06aafb01c63
- SHA1
  
  7c7e2f2e97269fce1777e00fd9a02f378cdc2e60
- SHA256
  
  9ce3b4f8b78146df14692b934919b6449227ec79e0e51e446d9f07aabad3415e
- SHA512
  
  a445023be352a5055e4e681cb075bad0a3b401c21b30a2aad83c898421b8afd76937bd92326e22119556b390fb1bfb78afd649b98a552e643ee640ad1d62d755
- SSDEEP
  
  3072:c0f+6XYD/v+IE1ntwfEqZKfW03DKk9eOxdN/7uzNooX2MsNYFfPu:L7C/Wz1ntwfEq4fHwOZ6FXoE
Score

10^/10

defense_evasion discovery evasion persistence trojan
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral9
- Target
  
  file (4).exe
- Size
  
  97KB
- MD5
  
  241421356dd99063199983faaaec1d8b
- SHA1
  
  2f65f6007347bdeb6bce09f7b727ed3db30c86a8
- SHA256
  
  ca1d9b37d93106cab5f20fde3e6943ac0ae4761589cf31e2554fbabfaf80bfd5
- SHA512
  
  59757412acc955bbf6a0695fac8b1b7ac231ae9bee71a42307cc4ec793c09f4d52a7358b0a8b40fa0658fbc688743034eedcf16da36f8bd2643cc48deb2c73ee
- SSDEEP
  
  1536:WUVdfhkoWcPdBW4TVu5nHhJKqMkwN7Y0S8iXU0CsNdyukfP+:WUVTVg5BWkfqUEsNYFfP+
Score

10^/10

defense_evasion discovery evasion trojan
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral10
- Target
  
  file (6).exe
- Size
  
  157KB
- MD5
  
  438580ccbffdc97ad5b9f09a213c3e8f
- SHA1
  
  0437c2003974a979ecc4170544f2f863c7dafd12
- SHA256
  
  f77ef2ace574ee9a7d758ef00f7df14c940381625b12a4b65e5e292d1ef34b1c
- SHA512
  
  a8214216662cc7323b3ab0aec016647581ff2ca68edeab9bf340c7befb088f501d7d592f901eea48211681bcf5f90fc74293b940152f32e1be6555f55dd4dbd8
- SSDEEP
  
  3072:0t6Gtx/jjOtP8JV4Y1aaH67pnMK/MdyGwsNYFfP:0thut0JV3fOMdE
Score

10^/10

defense_evasion discovery evasion persistence trojan
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral11
- Target
  
  file (7).exe
- Size
  
  414KB
- MD5
  
  5c6416f819bfbca2f1862691a03f68be
- SHA1
  
  b26cb187e3ea74fbb76bbea4096aa9315ac4e405
- SHA256
  
  b5c2e240ebc4323421fea99a02507a79ea9fba5b29ee9b6cc3e808d288de8c02
- SHA512
  
  9288510c7541aace8bd669f2ed8e186760a1d224874234a1d797fd7f64462313308828785e43edd010d332f589f8ba93124fe55879638655d18673d56c0d0b26
- SSDEEP
  
  12288:IOkIEyW/jLPWXR8Kwxs/bJYorMvQGuArOQb1K1Gc4nS:AyWPWq/xAxMbrOQJ9c4n
Score

3^/10

discovery
behavioral12
- Target
  
  file.exe
- Size
  
  256KB
- MD5
  
  56fe9f129308ccb3a1babe9169f2414c
- SHA1
  
  74809983aa3e0562d69ba5ea5da09b75cd5d1d1e
- SHA256
  
  6b9611c64a82acc1bcb4ee26b372e6b1717e4acb790139d5e296bfc3c440ec24
- SHA512
  
  ac0d0a3610a3bdeaeea0b087c9dc9b86a61971b98c91bca6efa22989debccbc4b8fce1b202a978e10d06d0c38fc93e97a8b68986416b8488bc70101eb01003eb
- SSDEEP
  
  3072:YetaGBy9OYojUkNHEk+qza+ik8X9ETCx5z00kEQMwti2rmSy0PMy50UCnLFUgKaX:l9GLkJEk+guZXD5mI2rm3U6FJKaIOJ
Score

5^/10

discovery upx
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral13
- Target
  
  file_ (1).exe
- Size
  
  288KB
- MD5
  
  6ffa35b0a2acd5565ade6d3e1af64a94
- SHA1
  
  7cd6bd698f1629a5ef913012c4b0ddad41f9a332
- SHA256
  
  66c7984e9f8af6d058d696c4f38efe2d527d02bfba83a3ec2db204ce9c70aa29
- SHA512
  
  916d4591806e95a5967c0dc495988b30202f14395efc85586e7c1294c22352a93a8ed8d3df7ebcf44809830a44f211f365196adced4da863479024a86a762f72
- SSDEEP
  
  6144:eSMxSiMnm1e22/p56dNI07bMLox7xRoVkUSlS6mldw40jELBAF:eSwys32/ydNI07bmcxAkHSTZdAF
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral14
- Target
  
  file_ (2).exe
- Size
  
  164KB
- MD5
  
  fb7f7126227b912f6cecb6f6350e845b
- SHA1
  
  1ca974c516cff5f349a60b5079dd19da12f530ab
- SHA256
  
  9f3c0bbe50b6be0afbb518a02cbdadd2b8b70041b08c26e526126ef383e1b9ac
- SHA512
  
  86998f55b2bb03dcb3afd2a2a73e323e9e7f48592acb9b2f5620508ab981a849d9a9774b5379b73ea618347996a1f8b6d9f8dcf52ab7e95bef8b6f435f47b56b
- SSDEEP
  
  3072:44LgKLXiA+3uShifxS/OQSYGHGQwtkTYpj7ToyJIP+ZWs+YqCC/RYnsf:44LgKL+ixAOQZGmLtk27To1uWs+dCC0
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral15
- Target
  
  file_ (3).exe
- Size
  
  287KB
- MD5
  
  9b64fa84f1b815d909f4d4134ef2f077
- SHA1
  
  65da225d8393095f657f75eb16928408d2235048
- SHA256
  
  3f319c6679417445c6c1179eb0424b4446a6798acf61efc38c64de780ca64357
- SHA512
  
  b2b2fdfb03da6901f8cb01eb11a7ef1d8bc2757c1202fc14dcad492b7552ec3cdb81fcabc39632d3c1d4ec9ad130c38583f6995f8107816895e87620de875996
- SSDEEP
  
  6144:4F3LPSBCHorc1Z6LBkL2WhSbm2gfRtYwxpTxh+fwZZmqUEL79h:4F3WBrcRL2WJRtewnfP9h
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral16
- Target
  
  file_ (4).exe
- Size
  
  135KB
- MD5
  
  693f73c11611c6e8cbc1421e228739e2
- SHA1
  
  4ea96e0a92b563112dd05783e41b416cc410fd10
- SHA256
  
  99d596702cc87904fa030fec5f21f6f078c3b04b58b19ac7528f14834cfe943c
- SHA512
  
  e255bf838fd0c6cf3ec4e4d77cd1fc875654687a2ae2f3c6846f3b11544bbc0d1a2eca67129bcb89715077a55930f33cba5b99195b91911869e86ebcf30e450c
- SSDEEP
  
  3072:/sfKhCVx2XoxJOIrknnyWdWTBR6t1VQLpaPyzF:3hhEJ3rkyCwct/QLsA
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral17
- Target
  
  file_ (5).exe
- Size
  
  285KB
- MD5
  
  036cc0b626fc8b6b9d8136258f7de2ab
- SHA1
  
  ec3c316686653affdd9e919481887ed8b11b083f
- SHA256
  
  39bec7d640fa31372e63fda5b8c5fb5399a28ede453cc8d08adc6a0936dc4762
- SHA512
  
  3d9a30977cceb1f8bf9cd9eed754058314f54a1b8758bdfe29b3350346faff7e8e9deeb9f182e71c2dd1fc3aa3f9690601adf3a6f229586876d09962d2848d59
- SSDEEP
  
  6144:weETxpj4y/11v8n1w4P8C/CVfA5SVPN+B6REIyUFGEHapLbA3:q/jJ1vAkC/CCSZC6hyUFGxHA3
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral18
- Target
  
  file_ (6).exe
- Size
  
  134KB
- MD5
  
  046a93df3f0690ab42cf3fb46e2c8078
- SHA1
  
  8b408e00c7f36ceb54c8d6148415bf1373dec3c3
- SHA256
  
  0a5b1277f0c36dba889f2bc43ff8f3eac24ddc343354f7110acfdbcebee9001a
- SHA512
  
  a61821e9fb1c517f9fdb66c24892c4cf2e1166eade93a5924646435123c585271c4efa9120797b73d84e592daaa4e4a3f5018ad8f4f8efa967a49b8644205cd9
- SSDEEP
  
  3072:JJCBy+OCiT4adPHT7CGfvnMAnqLYFryKF:f+OCw4IHNvMAnqLYZ
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral19
- Target
  
  file_ (7).exe
- Size
  
  165KB
- MD5
  
  0d46f0bb1c0e4bc3ca1fa9f2a9b13b07
- SHA1
  
  67f295dff78f43fe28fb5a9cf8e667bc2b1a1100
- SHA256
  
  fb4acc579180273a55a597ab20ec77a7280acb5e2ffe970160dd72b8c1694769
- SHA512
  
  ea9ee344015ed93f3fc2fe316e0df1922639f51e90aaf5be65e94a82a3177b00448ebfb7045bb57035b561688e7f05fa93ad74bba2b31029ffd1994cc74dc698
- SSDEEP
  
  3072:RSdK59VNPWqUWnSHmm42G4pbjJ+fRxXfQbNIaykBatKyN1e0W:RSCNPlvSGm42GwjUf7XfQB/Mtpe0
Score

7^/10

discovery upx
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral20
- Target
  
  file_.exe
- Size
  
  288KB
- MD5
  
  aee521e7f474c58f4290c7a6a80b6b1d
- SHA1
  
  fdc2068d7d03c80392a878283a55ed80367fa84d
- SHA256
  
  b658a9d05f48b37b025a538d5ebcc437d4c11f90d97a815246503ae13cb2300f
- SHA512
  
  4bd61a8ef822820220c428dcaa69417fd6c7d7b644a845e9dbfe9a033a246125ef028cb4d71842519e3276153aaa9b692a156dc1d0aac397907d6c09f13453c0
- SSDEEP
  
  6144:CqllonqeU7qjgrKYpSGycawn8Ty2YhJ4L5KCPBJUsOmkfkHGWaeiWLh2:xlMq3qkKYEY8Ty/E5zp3HtaePF2
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral21
- Target
  
  file_9.exe
- Size
  
  107KB
- MD5
  
  05fa70fac7d39757fa615c459fe1ab6e
- SHA1
  
  5ab4fba43997a3df4afa36e05012440d6d0253fa
- SHA256
  
  df4b719bc0b675b6a9466e8fd57e42ff55994e22507aa82aa08fd574935c83e4
- SHA512
  
  165b74dfb464f3b16cd97cc6c70e8f792543f30cd8c895fd695205531ff96fb630aac22b3f9f2398ed2aa0544b2ab827c8e7e8a018ee1eba021fbcc36e77cd31
- SSDEEP
  
  3072:UosBt1tpuky65s9MAfzbD8pTsmT+G42Wec5:UosB7tUOAvAuHfe
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral22
- Target
  
  firefox32.exe
- Size
  
  62KB
- MD5
  
  866604f3adb9207e29505012215f203f
- SHA1
  
  718b342c3bc42f3e73c4014c2b105c4d467b0ba6
- SHA256
  
  978ed9b9c86653e8f10feb9e7f93eb32f2dadeec42ccce498403e96b7bb3e3c9
- SHA512
  
  cdcdd94e2a4c550a819a28085fe543ed944da298da1409ed111380fbde89f6976a4c7d040750307579b007b4551aa86182d453408436bd7aef35423c49b60f79
- SSDEEP
  
  768:nJ+norJ8u1A9lYYoEXVY8Vb4AitlW+j6O+5X3BJLkgpPpyI933jNdTfpLPvTMuO3:J1l+UMVUjWd/3ptl3jNdf5v7O3
Score

7^/10

discovery spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral23
- Target
  
  flash_player.original.exe
- Size
  
  530KB
- MD5
  
  641ee9969fdfd9e6efd5211f4e363fb1
- SHA1
  
  248bb709f7a0eeb102c6793d73531d47a8372351
- SHA256
  
  b4baa6e421ce09d13f0d93c528375c28c8ac9c7ad0ad1d0ccbf533b82524dec0
- SHA512
  
  1ff9365ed62c32ede4208dddcc662b76d15831013d9d576614ffa7d73a794b952e78f43e44fd01e516104e3177d4bddbc3fa664543ff38ea2aa9e38e382136e9
- SSDEEP
  
  12288:SMhCBdogPgNJ17IujqSBg3uBLgh62eKmd2jG0ox:xIBdogPgNJSujqSKeHJv2jGV
Score

10^/10

discovery persistence upx
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral24
- Target
  
  flash_player.unpacked.exe
- Size
  
  1.4MB
- MD5
  
  21c73f81e2a00d76fc5ffafda6d658f8
- SHA1
  
  3ef746babb4282449744ee565e5c326b82b0263d
- SHA256
  
  7cd7119f0b6e320b48c06658fcc9bcbe4367891b0d415474b66d7e4f258255d1
- SHA512
  
  fb8162af3e2edf9b92c394c9fa37fc58c77b7494a60d44829ae8ab91a611040919040c0cfe0e7b5f4dfb0997dbd7dfde20169e29c3b4e64a064ef185dc07d9bc
- SSDEEP
  
  12288:/PjQwAjnhk0+UYfBfZOXEU5fbhXr46LuPZ47lk/6cHHiv7n1:/Pjtqnh01JMHVbCsMocH81
Score

3^/10

discovery
behavioral25
- Target
  
  freegaza_israeli_killers.exe
- Size
  
  345KB
- MD5
  
  685a8933f565793c2bf54770b3286bbe
- SHA1
  
  85f5e2bb703c836c2a29045d6fc15ef81804f938
- SHA256
  
  8acccd48ee73b7eccbc3622341ea33f9e07dbcdcd6e07f8b01fb630015a44659
- SHA512
  
  40a85e1d8f0f80120bd413efece18ed5983ffdea316ddedd760c487da535803ae6b904f97b32c8732cca3bc8f6e6ea4f440849281a0d3c541d26a4489c3383a4
- SSDEEP
  
  6144:gSUomEUi3+sMZ3xEYIrQ3XFp6/ZLk5rmrL0bl+oanFvRB4ulqTyO0A:xUomEFRu3xEPEOBermMetRBXw0A
Score

7^/10

discovery
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral26
- Target
  
  fresh_a22bb95ee8cfccc94ba183c071bad3a951b353e98fcf0d6cfa9268aaf9c53d53.exe
- Size
  
  32KB
- MD5
  
  5746843ce1596f53fdaab16289fce8ce
- SHA1
  
  6d34dbf9e248555c228e2c641d4e0597f19dbd72
- SHA256
  
  a22bb95ee8cfccc94ba183c071bad3a951b353e98fcf0d6cfa9268aaf9c53d53
- SHA512
  
  8569e70305338eea019eed39d70bb793a5e06955a267475f637d724cddd27785e2aeeb5f662edb65a6eb3002687a7fbe59e43ae7d7e3bb4f23860e8392e9cb3e
- SSDEEP
  
  384:vKYlvmvlVpw+oGFVQ+YGQgBy+vzYuS1nTB0w9rmDgjC9G:vKYGlVJYGQRFHmDjo
Score

9^/10

defense_evasion discovery execution impact ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral27
- Target
  
  helper[1].exe_.exe
- Size
  
  504KB
- MD5
  
  2599225a023f4d4c7e8d7f3361236615
- SHA1
  
  9a265bae87e87f01e1b17f02801f39c87da0c1bc
- SHA256
  
  d54e3bd3d6532cd9b1c0e66f8148063ae5889c0a76bc04876f3c32e3b58f1cb9
- SHA512
  
  d237976c619e05caf9dcdb7fae0d14acd5c34e3d3f47767bfcd3ba087cbe3b57b3ae159211a7a882446b8eed5ca956e72f71907a92950c68d142bdc7b136ece3
- SSDEEP
  
  12288:j3nZMhJ+ubNmzoOoTc5Bvt3AsRMoS9VqoQXeVQAoOPpE18zvV:j3nZqfbkzQTMJy9goQOV7P218zvV
Score

3^/10

discovery
behavioral28
- Target
  
  holycrypt-v0.3.exe
- Size
  
  152KB
- MD5
  
  1a4816c8585e449953803d7cb17cefc9
- SHA1
  
  685e622ccc7fa34be1e80a3dde4bb559a4bf76f0
- SHA256
  
  bd9cb63686cf3fba0e72dee7cfdc90438ce33dba4f95c3b77ee39cb6619852d7
- SHA512
  
  cde256816025bfb1222780a73fe575fab1e7464f15d6afc18fd57f3e5ccdfe1c22e76cb01d78799411595efefb3b4b6981a2f5f0bd62b10c79010951809d594f
- SSDEEP
  
  3072:6wxxnbnO7gu6p7sto17AocreRw9zRWp/+d16BaehR3CBR5UBuzRdR8JImOJeEV+:C7SYtAAIRw9zRU+dzev3ZBuRdiJwnV+
Score

1^/10
behavioral29
- Target
  
  info[1].exe
- Size
  
  129KB
- MD5
  
  270b8ce04a9f55809938430a2fe6bb47
- SHA1
  
  2166a3a41a65bacf5d53f62d432a67fb8a0dacbe
- SHA256
  
  df7b73c2a36286d3d328128c00136f4c89e9c7263ca281b1af44ec06a43c61d2
- SHA512
  
  3eb31dc1afbc5f012b8fae8ffa51a31a37daf1b5eeb308dd7ccc318fdebf6a3fa14f52132a18d914a527b0d6be32e908728c40253501805815fe5c4af31f8590
- SSDEEP
  
  3072:s8Gahi/GgReBJ3wk2dn9KXtTPRmvnI9QCQyT6ykbI:lGvGTSk2dn9KdTUvI16d
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
behavioral30
- Target
  
  informations.exe
- Size
  
  506KB
- MD5
  
  ec2b6ecfc8ca67f9357b6550166a0838
- SHA1
  
  134a0ae85224a12e3b8114900b83c9669524d427
- SHA256
  
  8b1c6d1c4df109ef648f36a31e59e492c9752b0acf0eea26a0a75b2398c5d86c
- SHA512
  
  d4803c161590c31dadebc13b1d505ee1cf1fbaee52facacdc5ea38bb16f485377819877b4a7662b255caf95c2f5ac93149f211e35c940660d0398142a00bc424
- SSDEEP
  
  12288:A1V8jxipOdK/nJr+ihc9DRVnXGrqgv6rk551VkG1ZUQ/bQDiW:q8lipOAgoc9L2PM5ybKi
Score

10^/10

xorist discovery persistence ransomware spyware stealer upx
- Detected Xorist Ransomware
- Xorist Ransomware
  Xorist is a ransomware first seen in 2020.
  ransomware xorist
- Xorist family
  xorist
- Renames multiple (1912) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops file in Drivers directory
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral31
- Target
  
  installer.exe
- Size
  
  396KB
- MD5
  
  d1550649c3e2ebe1bf11949fa7a7d5f2
- SHA1
  
  a672c879062b8f1b6a84c12fecfc3b96883d36b8
- SHA256
  
  384df588fa4fb60c4986a1156b21314ce7c66468f9f4c8fac1a6b3a3cde1fe58
- SHA512
  
  824914391491b4e3e02cf5dd87a43c2429a75085343b206a71c2b3889ef3efdd92f015356584cee373e6c20ffdaf5d918fa033cc2e8b65a363e161c92d8f1603
- SSDEEP
  
  12288:jANwRo+mv8QD4+0V16nkFkkk2kyWs/S4REn+58zOG:jAT8QE+kHW+S4REn+K
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral32