General

  • Target

    06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118

  • Size

    7KB

  • Sample

    241001-xadn2ayarb

  • MD5

    06ef31e62e5b10e2bacae0493e98e836

  • SHA1

    0d8bb8222f1a324e048fb293011db5621ea8299c

  • SHA256

    e5f67a8f1c6042110fe98d4943c04c5a2eabca922719354cf68b9e9cb849b923

  • SHA512

    5fecd97757798110269f68db72882e62ec8266f2c7f68e1828b836f8e390fb630636942b7e967d22259377d57e122bf2d6102ec5f86be3804ff8f2271c4c25de

  • SSDEEP

    96:lUZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExXWVLIgKc2qerbBZxuPP:Kzdrr1FG1WDCgmjPZXWV0ckrbBaGMUA

Malware Config

Targets

    • Target

      06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118

    • Size

      7KB

    • MD5

      06ef31e62e5b10e2bacae0493e98e836

    • SHA1

      0d8bb8222f1a324e048fb293011db5621ea8299c

    • SHA256

      e5f67a8f1c6042110fe98d4943c04c5a2eabca922719354cf68b9e9cb849b923

    • SHA512

      5fecd97757798110269f68db72882e62ec8266f2c7f68e1828b836f8e390fb630636942b7e967d22259377d57e122bf2d6102ec5f86be3804ff8f2271c4c25de

    • SSDEEP

      96:lUZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExXWVLIgKc2qerbBZxuPP:Kzdrr1FG1WDCgmjPZXWV0ckrbBaGMUA

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware first seen in 2020.

    • Renames multiple (2204) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks