General

  • Target

    1293a6ef273eb551dc2a634ff8bb6723fd4fdcf4a0c8d88a9825bf65405b448dN.exe

  • Size

    7KB

  • Sample

    241205-kfz31awqat

  • MD5

    b639ed6b63209bf0ab2a5b144f3fcd30

  • SHA1

    cb5b7f4e3be0d8f9078845dd4b3cfef17e252432

  • SHA256

    1293a6ef273eb551dc2a634ff8bb6723fd4fdcf4a0c8d88a9825bf65405b448d

  • SHA512

    c4efd3478f7ad2cc4db4457bd0a92d2186ee875bd61ee80547b6ed990ed3f50b988fe058320c7a17c9a058f1d427fa5e23ca5b54886112050be9efce8a59d7d5

  • SSDEEP

    96:1AZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExAQbodG7GqqKZMUA:uzdrr1FG1WDCgmjPZA2ZpZMUA

Malware Config

Targets

    • Target

      1293a6ef273eb551dc2a634ff8bb6723fd4fdcf4a0c8d88a9825bf65405b448dN.exe

    • Size

      7KB

    • MD5

      b639ed6b63209bf0ab2a5b144f3fcd30

    • SHA1

      cb5b7f4e3be0d8f9078845dd4b3cfef17e252432

    • SHA256

      1293a6ef273eb551dc2a634ff8bb6723fd4fdcf4a0c8d88a9825bf65405b448d

    • SHA512

      c4efd3478f7ad2cc4db4457bd0a92d2186ee875bd61ee80547b6ed990ed3f50b988fe058320c7a17c9a058f1d427fa5e23ca5b54886112050be9efce8a59d7d5

    • SSDEEP

      96:1AZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExAQbodG7GqqKZMUA:uzdrr1FG1WDCgmjPZA2ZpZMUA

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware first seen in 2020.

    • Xorist family

    • Renames multiple (2207) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks