General
-
Target
026c928e0e950ff8918429b70da11216_JaffaCakes118
-
Size
7KB
-
Sample
240930-vsb7tawglj
-
MD5
026c928e0e950ff8918429b70da11216
-
SHA1
4f1c38dc42dc65a35428df7ebe90ad94f5daa2bb
-
SHA256
5f8cbaafe10f4a87a10044b42fbeca780cd901b09a0fa7f2909c2f2276586647
-
SHA512
c3bbac4cffbf65e5e885b65457f13f71dc4d5bd04fddb0be05648709914b4858e929b9d3a174ee706411347e328b093c2b2a23d7d5e23d6f520d17d683d85cbe
-
SSDEEP
96:lhZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExJxjDXV6TLIQi9z+LRMB:rzdrr1FG1WDCgmjPZbDF6Tlgz2RMUA
Malware Config
Targets
-
-
Target
026c928e0e950ff8918429b70da11216_JaffaCakes118
-
Size
7KB
-
MD5
026c928e0e950ff8918429b70da11216
-
SHA1
4f1c38dc42dc65a35428df7ebe90ad94f5daa2bb
-
SHA256
5f8cbaafe10f4a87a10044b42fbeca780cd901b09a0fa7f2909c2f2276586647
-
SHA512
c3bbac4cffbf65e5e885b65457f13f71dc4d5bd04fddb0be05648709914b4858e929b9d3a174ee706411347e328b093c2b2a23d7d5e23d6f520d17d683d85cbe
-
SSDEEP
96:lhZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExJxjDXV6TLIQi9z+LRMB:rzdrr1FG1WDCgmjPZbDF6Tlgz2RMUA
Score10/10-
Detected Xorist Ransomware
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Renames multiple (2210) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-