xorist | 5986ff1c3dc4ae35fb9747b6b591f527cd1b77393cc3a77b936a46d4b3936c29 | Triage

Resubmissions

04-01-2025 10:12

250104-l8py6svlfx 10

04-01-2025 10:11

250104-l7xbvsxjgk 10

04-01-2025 10:09

250104-l61ynaxjdr 10

Sharing

General

Target

EncoderBuilder password vazonez.rar
Size

557KB
Sample

250104-l7xbvsxjgk
MD5

db9a548705cfc15f405f571fddecffe0
SHA1

c43f7d464a44f442a8a3fb5bd4e77c290c02240f
SHA256

5986ff1c3dc4ae35fb9747b6b591f527cd1b77393cc3a77b936a46d4b3936c29
SHA512

0a842a158eee3239b024494d250bc1a81f2d0c53778aa755629d601bfafc53fec06e19c955ea4d0d8b81a4bfcb562f36fbbe806bbaa66734f23c0b877351cf18
SSDEEP

12288:MAXGxT7VXQsuNcw4GcRxf4u4xO1OBa4dtCtog/8p+lTSG:yT7VXcNYVxgxOArg0klTSG

Score

10^/10

xorist discovery ransomware upx

Malware Config

Targets

- Target
  
  bin/Encoder_Builder_v2.4.exe
- Size
  
  883KB
- MD5
  
  4c824eb8598f175d41e9a2ea06129890
- SHA1
  
  64b57ea796956cbb60ce4fc702239cbc395aee6f
- SHA256
  
  7a57d83ae7fde49cfd57e7d2753570306a09c6082bc82f75c89d23fa650a0011
- SHA512
  
  122e509a3101a67d867f7a3653c8e5d2f838a04c7cb6a97af52e6b35ad709099a3b5940bca48be225ef0d8403537150f232f6137689180a6fd62affef5114845
- SSDEEP
  
  24576:LIzxV583IWM6MV1KB7pgLB5rnjjUafpVMUXfnuq:8zT5oarn0KtX2q
Score

10^/10

xorist discovery ransomware
- Detected Xorist Ransomware
- Xorist Ransomware
  Xorist is a ransomware first seen in 2020.
  ransomware xorist
- Xorist family
  xorist
behavioral1
- Target
  
  src/Builder/Unit1.pas
- Size
  
  14KB
- MD5
  
  b428eedbbe9e53c7131ec7066090497f
- SHA1
  
  9d0e5a94754bc7e221d39797c98b94bb2f8ac62c
- SHA256
  
  826955d1ad50736fc92710b532ad9929fdec33139c3d724adea516e9aa8514a5
- SHA512
  
  047b4130ac0c3074602103fe24e32498c2267a29084b4da281e03a5e5fa443e569d1bb31cb64b7571e4c232843bbac0c22c3ca134c4692ea18eaf68205763cd5
- SSDEEP
  
  384:PJR0WGaWGoeHEOBol+589buansYeA5LfEXEqf6sJbRXO0R0LHqSIgk:hR0ZaroeHEOBolxjnZe9hCidXOLLHqSU
Score

1^/10
behavioral2
- Target
  
  src/Builder/upx_bin/build.bat
- Size
  
  121B
- MD5
  
  3c4546bfd6feb9d0100e3d30796eaee6
- SHA1
  
  94768e2d2f19c38e491cda9281402f9fbf6185eb
- SHA256
  
  edd6685b792fb0adcd973b1b83801b58430365fa3ba6668301bab2fbab3bc62f
- SHA512
  
  e4217535de0f8b61da345ee6cd5557489ec30218b67e3445fea9ffdfd5a8ae0d23eb83431d6de4176cc27eac0951a775ea8eac16774c6d2ee404fe0407b281f2
Score

1^/10
behavioral3
- Target
  
  src/Builder/upx_bin/upx.exe
- Size
  
  283KB
- MD5
  
  308f709a8f01371a6dd088a793e65a5f
- SHA1
  
  a07c073d807ab0119b090821ee29edaae481e530
- SHA256
  
  c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35
- SHA512
  
  c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28
- SSDEEP
  
  6144:EBgzKMDrn1MUQ8Kr4eNyJf2EycBqABfpV6xSyQy9CZ07Yf+1+ujToS:v5rn6JfXCjUafpVeDQyUXfW+u/oS
Score

5^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral4
- Target
  
  src/crypter/build.bat
- Size
  
  880B
- MD5
  
  8375517fd46ae7a2b351675772e88622
- SHA1
  
  0231987a23c6086ae6999ef677227631041d3e36
- SHA256
  
  7bbbb729242357ce113c62aee025d7ee7655a2da64c42b556a57e5cd599c03e9
- SHA512
  
  fb19022d49cbc813720786d08afb9bfbf520846b4ccc093020aaf3526c34e96e26a515882e62e047ff06d1ad9f59b750d4a4e6b69c06db1fb31c667cc2b8a3ee
Score

1^/10
behavioral5
- Target
  
  src/crypter/crypter.exe
- Size
  
  11KB
- MD5
  
  d94bfb49259b0dc224580099d88899e5
- SHA1
  
  33d595f97c39684562e9c3342d1477719e91678d
- SHA256
  
  cee0058819af4ced052cc25032682e1739574080196e4727b8b390591d634003
- SHA512
  
  a1be423b0a76696688ff0999b840e9bd80397506e0a921383c61f84e2dda9a2fc93d7745d7d9f304e7c440553dac4002141d47f27d7308746ca1948fcbc9c71f
- SSDEEP
  
  192:N/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjaGpsHcxUw4h+lfPtRMc:NebFNw4Pk1itKkpAjjJs6B40Wc
Score

3^/10

discovery
behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xoristdiscoveryransomware

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6