General

  • Target

    04855f75f72f288f166de39c57f9a530_JaffaCakes118

  • Size

    7KB

  • Sample

    241001-f5kmdsxakc

  • MD5

    04855f75f72f288f166de39c57f9a530

  • SHA1

    4521e56c70bac58ca750791d1820caeb21496717

  • SHA256

    5502c0a83dc6c11372f964be66e2e2aa4eb7bcfad8c3fd8e8c958f961bd0772b

  • SHA512

    c6423fce53b8107dc5712df131cf8e3f0873fdd95b5bd41c54158d13bade5fd1c7ebf965e8b6853a0df049bd57a696cc1cf7aa456cf9adddf9553e11747d2f33

  • SSDEEP

    96:V7Zhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihEx3FL46xdiozCL1MKHMU:5zdrr1FG1WDCgmjPZ3FM6TDKHMUA

Malware Config

Targets

    • Target

      04855f75f72f288f166de39c57f9a530_JaffaCakes118

    • Size

      7KB

    • MD5

      04855f75f72f288f166de39c57f9a530

    • SHA1

      4521e56c70bac58ca750791d1820caeb21496717

    • SHA256

      5502c0a83dc6c11372f964be66e2e2aa4eb7bcfad8c3fd8e8c958f961bd0772b

    • SHA512

      c6423fce53b8107dc5712df131cf8e3f0873fdd95b5bd41c54158d13bade5fd1c7ebf965e8b6853a0df049bd57a696cc1cf7aa456cf9adddf9553e11747d2f33

    • SSDEEP

      96:V7Zhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihEx3FL46xdiozCL1MKHMU:5zdrr1FG1WDCgmjPZ3FM6TDKHMUA

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware first seen in 2020.

    • Renames multiple (2541) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks