xorist | fd84148426c6188c0bdec2e66d1f4fda9392342adb0c225d64aaacce24ce8653

Sharing

Copy URL

Twitter E-mail

General

Target

Batch_8.zip
Size

5.3MB
Sample

241122-d95f9atpax
MD5

a08902a38452cd5ce655ba54040c5833
SHA1

b94c8f6b0be6f2e8f003c9cfde9d8857d752cb2b
SHA256

fd84148426c6188c0bdec2e66d1f4fda9392342adb0c225d64aaacce24ce8653
SHA512

990a022b6ae18b72daca14bc1c0eee95f1e89e366fc62b9b4824e4cd63f261837a56461439fce9b5a6a6aaec03912595d36f1dadeea5661a4cb6a050d40fb12a
SSDEEP

98304:F6DMk1Jj0MM/64iXHiO1/ghHDwkLP1tfd4HLMXaWPNEa82i2noWmELP7lQw4oJ7:FWHnM/6l5QDbPrV4HORnoGCw4oJ7

Score

10^/10

Malware Config

Targets

- Target
  
  FD4DC9B2BFF8D75A704E8FE33C63DA4B.exe
- Size
  
  214KB
- MD5
  
  fd4dc9b2bff8d75a704e8fe33c63da4b
- SHA1
  
  d45d764fad516464ae784ed61a71e234b10dba42
- SHA256
  
  9ed8b4e2db6d4feb162a0b1109ba4ca92065bd7d1256b6d234e9840dd36ef581
- SHA512
  
  732a7e209e493e18ae421bc28415389433d1827e4334c40671d354067d280a18a686cc83d9538bd331f66011b8149570b40664061485cfab7b592b7f9e82bdcb
- SSDEEP
  
  3072:F51M+lmsolAIrRuw+mqv9j1MWLQllg6CM+lmsolAIrRuw+mqv9j1MWLQlL:Fg+lDAAaD+lDAAmL
Score

1^/10
behavioral1 behavioral2
- Target
  
  Flyper.exe
- Size
  
  214KB
- MD5
  
  7b75b33bcf4ecf013b93f84ed98b3fb5
- SHA1
  
  7be5f5dcf6b9519c0f8c8071503b7f5dd66b6386
- SHA256
  
  74aa7b73b46d7bd7bc53cb44add9ec8172f2de7831d045e33db06e2d6b916edf
- SHA512
  
  96e1253358db1f724b381f9e1e416cc35bf44d94505e8b86508676f997b44be65d3c33c22df9c004652a34170e48805f9b7ba6f2703dd287e8c770cb426c5114
- SSDEEP
  
  3072:5W1M+lmsolAIrRuw+mqv9j1MWLQFPBCM+lmsolAIrRuw+mqv9j1MWLQlL:5J+lDAAIv+lDAAmL
Score

1^/10
behavioral3 behavioral4
- Target
  
  Flyper2.exe
- Size
  
  214KB
- MD5
  
  d02d012970aa164cad15c757d7e52994
- SHA1
  
  25eef16797a7cf4168938f9d372332d65356b6f7
- SHA256
  
  eba685abd63d2c7378f788aa5ca8e4f95f4b82b51347cb8818090ef54e8f7d29
- SHA512
  
  640545996e924b5f759ba69f970686e67defc9142a195fb6774dd275e22961fd9b21328b119d42b4032f1cf4eb6363ccce64bf6f423d2bf3ddc1d8d5b1f524ee
- SSDEEP
  
  3072:BM+lmsolAIrRuw+mqv9j1MWLQ6xZ4qM+lmsolAIrRuw+mqv9j1MWLQlL:6+lDAArx2+lDAAmL
Score

1^/10
behavioral5 behavioral6
- Target
  
  Flyper3.exe
- Size
  
  214KB
- MD5
  
  fd4dc9b2bff8d75a704e8fe33c63da4b
- SHA1
  
  d45d764fad516464ae784ed61a71e234b10dba42
- SHA256
  
  9ed8b4e2db6d4feb162a0b1109ba4ca92065bd7d1256b6d234e9840dd36ef581
- SHA512
  
  732a7e209e493e18ae421bc28415389433d1827e4334c40671d354067d280a18a686cc83d9538bd331f66011b8149570b40664061485cfab7b592b7f9e82bdcb
- SSDEEP
  
  3072:F51M+lmsolAIrRuw+mqv9j1MWLQllg6CM+lmsolAIrRuw+mqv9j1MWLQlL:Fg+lDAAaD+lDAAmL
Score

1^/10
behavioral7 behavioral8
- Target
  
  Free YouTube Downloader.exe
- Size
  
  153KB
- MD5
  
  f33a4e991a11baf336a2324f700d874d
- SHA1
  
  9da1891a164f2fc0a88d0de1ba397585b455b0f4
- SHA256
  
  a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7
- SHA512
  
  edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20
- SSDEEP
  
  3072:PkFkkk2kyWxkFkkk2kyWD4zC270lkFkkk2kyW:PkFkkk2kyWxkFkkk2kyWDwOkFkkk2kyW
Score

3^/10
behavioral10 behavioral9
- Target
  
  FreeYoutubeDownloader11012016.exe
- Size
  
  376KB
- MD5
  
  8731c5b9c6b632517b757219113dd853
- SHA1
  
  732c867995bcf67eb6f0e21f3c76e5428ceb8a71
- SHA256
  
  1e307799a25403c465d634854a10ee9329aef33a06ec41538264f8ec6695b8c7
- SHA512
  
  25350e182d17d5d568287ef9bf173823d4fc4e3d90aff13d2108ee99fd9ccdf5c8b13bff5353ced1b61a91942b0ebdc42ec770bc9fe9f9102d877d2fa5760aff
- SSDEEP
  
  6144:m/QiQXk4oL8+Ee0CYDTAsdR9H8RMDgxqvUUl49EcATvx04/o7+ze4S62T3hG47no:eQi94oL8+iDNdRNUkg0UUl42cATvxsZe
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral11 behavioral12
- Target
  
  file (1).exe
- Size
  
  136KB
- MD5
  
  0b37809ae839d24f5a54c3a16f5b4f35
- SHA1
  
  d3091cee95575a53ce93b886469924f2603efbdc
- SHA256
  
  2902a063774a2092d85dfca18650b87fdc087a337add8012e67ea7cdd5debcc2
- SHA512
  
  0a9267efc5c0fc25d812f52ff95bd20bae31a12e78fe1ecf07a6d5a993f2a71a66180ae826b3097982b78c221a7f8313c45403042e54a7247a50e7c3ce984895
- SSDEEP
  
  3072:4PTKQFRiVdubWibOQNi3MWL4FksNYFfPK:4PFRwAbpi3MDEK
Score

10^/10

defense_evasion discovery evasion persistence trojan
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral13 behavioral14
- Target
  
  file (2).exe
- Size
  
  100KB
- MD5
  
  947740d3bc01db29b14d1752e20775c7
- SHA1
  
  408847d6c160f4ad377a1844f88bba43ca470f82
- SHA256
  
  cd7843ba1ae94328aeecfe27eff4fc3e449f297116760a37ebb72a13525e0638
- SHA512
  
  dde21adca681cb489ac12412d41ba6ad9bd997f5ccc4f0307630373ea6c68d67596105c38446958ff0d5276159fa9e45d8e566b79f1c41ede2b7c010bab3b1c0
- SSDEEP
  
  3072:UvE3ZxbErzsP2igyL5iolnJ3F+sNYFfP:UE0rzsPLQmNE
Score

10^/10

discovery persistence defense_evasion evasion spyware stealer trojan
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral15 behavioral16
- Target
  
  file (3).exe
- Size
  
  146KB
- MD5
  
  f26c45393af03e80a40ea06aafb01c63
- SHA1
  
  7c7e2f2e97269fce1777e00fd9a02f378cdc2e60
- SHA256
  
  9ce3b4f8b78146df14692b934919b6449227ec79e0e51e446d9f07aabad3415e
- SHA512
  
  a445023be352a5055e4e681cb075bad0a3b401c21b30a2aad83c898421b8afd76937bd92326e22119556b390fb1bfb78afd649b98a552e643ee640ad1d62d755
- SSDEEP
  
  3072:c0f+6XYD/v+IE1ntwfEqZKfW03DKk9eOxdN/7uzNooX2MsNYFfPu:L7C/Wz1ntwfEq4fHwOZ6FXoE
Score

10^/10

defense_evasion discovery evasion persistence trojan
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral17 behavioral18
- Target
  
  file (4).exe
- Size
  
  97KB
- MD5
  
  241421356dd99063199983faaaec1d8b
- SHA1
  
  2f65f6007347bdeb6bce09f7b727ed3db30c86a8
- SHA256
  
  ca1d9b37d93106cab5f20fde3e6943ac0ae4761589cf31e2554fbabfaf80bfd5
- SHA512
  
  59757412acc955bbf6a0695fac8b1b7ac231ae9bee71a42307cc4ec793c09f4d52a7358b0a8b40fa0658fbc688743034eedcf16da36f8bd2643cc48deb2c73ee
- SSDEEP
  
  1536:WUVdfhkoWcPdBW4TVu5nHhJKqMkwN7Y0S8iXU0CsNdyukfP+:WUVTVg5BWkfqUEsNYFfP+
Score

10^/10

defense_evasion discovery evasion trojan persistence spyware stealer
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral19 behavioral20
- Target
  
  file (6).exe
- Size
  
  157KB
- MD5
  
  438580ccbffdc97ad5b9f09a213c3e8f
- SHA1
  
  0437c2003974a979ecc4170544f2f863c7dafd12
- SHA256
  
  f77ef2ace574ee9a7d758ef00f7df14c940381625b12a4b65e5e292d1ef34b1c
- SHA512
  
  a8214216662cc7323b3ab0aec016647581ff2ca68edeab9bf340c7befb088f501d7d592f901eea48211681bcf5f90fc74293b940152f32e1be6555f55dd4dbd8
- SSDEEP
  
  3072:0t6Gtx/jjOtP8JV4Y1aaH67pnMK/MdyGwsNYFfP:0thut0JV3fOMdE
Score

10^/10

defense_evasion discovery evasion persistence trojan spyware stealer
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral21 behavioral22
- Target
  
  file (7).exe
- Size
  
  414KB
- MD5
  
  5c6416f819bfbca2f1862691a03f68be
- SHA1
  
  b26cb187e3ea74fbb76bbea4096aa9315ac4e405
- SHA256
  
  b5c2e240ebc4323421fea99a02507a79ea9fba5b29ee9b6cc3e808d288de8c02
- SHA512
  
  9288510c7541aace8bd669f2ed8e186760a1d224874234a1d797fd7f64462313308828785e43edd010d332f589f8ba93124fe55879638655d18673d56c0d0b26
- SSDEEP
  
  12288:IOkIEyW/jLPWXR8Kwxs/bJYorMvQGuArOQb1K1Gc4nS:AyWPWq/xAxMbrOQJ9c4n
Score

3^/10
behavioral23 behavioral24
- Target
  
  file.exe
- Size
  
  256KB
- MD5
  
  56fe9f129308ccb3a1babe9169f2414c
- SHA1
  
  74809983aa3e0562d69ba5ea5da09b75cd5d1d1e
- SHA256
  
  6b9611c64a82acc1bcb4ee26b372e6b1717e4acb790139d5e296bfc3c440ec24
- SHA512
  
  ac0d0a3610a3bdeaeea0b087c9dc9b86a61971b98c91bca6efa22989debccbc4b8fce1b202a978e10d06d0c38fc93e97a8b68986416b8488bc70101eb01003eb
- SSDEEP
  
  3072:YetaGBy9OYojUkNHEk+qza+ik8X9ETCx5z00kEQMwti2rmSy0PMy50UCnLFUgKaX:l9GLkJEk+guZXD5mI2rm3U6FJKaIOJ
Score

5^/10

discovery upx
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral25 behavioral26
- Target
  
  file_ (1).exe
- Size
  
  288KB
- MD5
  
  6ffa35b0a2acd5565ade6d3e1af64a94
- SHA1
  
  7cd6bd698f1629a5ef913012c4b0ddad41f9a332
- SHA256
  
  66c7984e9f8af6d058d696c4f38efe2d527d02bfba83a3ec2db204ce9c70aa29
- SHA512
  
  916d4591806e95a5967c0dc495988b30202f14395efc85586e7c1294c22352a93a8ed8d3df7ebcf44809830a44f211f365196adced4da863479024a86a762f72
- SSDEEP
  
  6144:eSMxSiMnm1e22/p56dNI07bMLox7xRoVkUSlS6mldw40jELBAF:eSwys32/ydNI07bmcxAkHSTZdAF
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral27 behavioral28
- Target
  
  file_ (2).exe
- Size
  
  164KB
- MD5
  
  fb7f7126227b912f6cecb6f6350e845b
- SHA1
  
  1ca974c516cff5f349a60b5079dd19da12f530ab
- SHA256
  
  9f3c0bbe50b6be0afbb518a02cbdadd2b8b70041b08c26e526126ef383e1b9ac
- SHA512
  
  86998f55b2bb03dcb3afd2a2a73e323e9e7f48592acb9b2f5620508ab981a849d9a9774b5379b73ea618347996a1f8b6d9f8dcf52ab7e95bef8b6f435f47b56b
- SSDEEP
  
  3072:44LgKLXiA+3uShifxS/OQSYGHGQwtkTYpj7ToyJIP+ZWs+YqCC/RYnsf:44LgKL+ixAOQZGmLtk27To1uWs+dCC0
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral29 behavioral30
- Target
  
  file_ (3).exe
- Size
  
  287KB
- MD5
  
  9b64fa84f1b815d909f4d4134ef2f077
- SHA1
  
  65da225d8393095f657f75eb16928408d2235048
- SHA256
  
  3f319c6679417445c6c1179eb0424b4446a6798acf61efc38c64de780ca64357
- SHA512
  
  b2b2fdfb03da6901f8cb01eb11a7ef1d8bc2757c1202fc14dcad492b7552ec3cdb81fcabc39632d3c1d4ec9ad130c38583f6995f8107816895e87620de875996
- SSDEEP
  
  6144:4F3LPSBCHorc1Z6LBkL2WhSbm2gfRtYwxpTxh+fwZZmqUEL79h:4F3WBrcRL2WJRtewnfP9h
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

UAC bypass

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks whether UAC is enabled

UAC bypass

Executes dropped EXE

Reads user/profile data of web browsers

Adds Run key to start application

Checks whether UAC is enabled

UAC bypass

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks whether UAC is enabled

UAC bypass

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Adds Run key to start application

Checks whether UAC is enabled

UAC bypass

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Adds Run key to start application

Checks whether UAC is enabled

Suspicious use of SetThreadContext

UPX packed file

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

UPX packed file

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

UPX packed file

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32