Malware Analysis: Ragnarok Ransomware
The analysed sample is a malware employed by the Threat Actor known as Ragnarok. The ransomware is responsible for files’ encryption and it is typically executed, by the actors themselves, on the compromised machines. The name of the analysed executable is xs_high.exe, but others have been found used by the same ransomware family (such as xs_normal.exe and xs_remote.exe).
The configuration within the malware contains information regarding the encryption activities, from whitelisted countries to the contents of the ransom note. It is...