exorcist | 768b40ceafed20055bbc60418929e8ec52fe3d1935caa1405af01e775d03e5e1 | Triage

Submit
Reports

Overview

overview

Static

static

excorsist.bin.exe

windows7_x64

excorsist.bin.exe

windows10_x64

Sharing

General

Target

excorsist.bin.zip
Size

36KB
Sample

201001-qag4hak1ta
MD5

d58f419a1e057da01890865a79657424
SHA1

b17ef18c6a147162ca246054db70c817a30ab845
SHA256

768b40ceafed20055bbc60418929e8ec52fe3d1935caa1405af01e775d03e5e1
SHA512

5c2c2e0506d1e13b331cc39d74064190a9744fba0dd40c844917111a7f2ccc1b4cef8b6a01aab7f89a912bfde2b83622159cb047d2e8e33038cdfd9ad8e5990d

Score

10^/10

exorcist persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

excorsist.bin.exe

Resource

win7

ransomware exorcist persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

excorsist.bin.exe

Resource

win10

ransomware exorcist persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  excorsist.bin
- Size
  
  68KB
- MD5
  
  9e5c89c84cdbf460fc6857c4e32dafdf
- SHA1
  
  ee0a95846ce48c59261eda0fdd6b38dfc83d9f4d
- SHA256
  
  dfecb46078038bcfa9d0b8db18bdc0646f33bad55ee7dd5ee46e61c6cf399620
- SHA512
  
  6da517ae5159ebcb0ac138b34215924fb21adae619c3c15ede6863866648e445633f482b2beaddbe74de66b48e18d106dbde3253ee2d3ce86da667f7f8494cd8
Score

10^/10

ransomware exorcist persistence
- Exorcist Ransomware
  Ransomware-as-a-service which avoids infecting machines in CIS nations. First seen in mid-2020.
  ransomware exorcist
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwareexorcistpersistence

behavioral2

ransomwareexorcistpersistence

© 2018-2024

Terms | Privacy