General
-
Target
06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118
-
Size
7KB
-
Sample
241001-xadn2ayarb
-
MD5
06ef31e62e5b10e2bacae0493e98e836
-
SHA1
0d8bb8222f1a324e048fb293011db5621ea8299c
-
SHA256
e5f67a8f1c6042110fe98d4943c04c5a2eabca922719354cf68b9e9cb849b923
-
SHA512
5fecd97757798110269f68db72882e62ec8266f2c7f68e1828b836f8e390fb630636942b7e967d22259377d57e122bf2d6102ec5f86be3804ff8f2271c4c25de
-
SSDEEP
96:lUZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExXWVLIgKc2qerbBZxuPP:Kzdrr1FG1WDCgmjPZXWV0ckrbBaGMUA
Behavioral task
behavioral1
Sample
06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118
-
Detected Xorist Ransomware
-
Renames multiple (2204) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.
-
Drops file in Drivers directory
-
Drops startup file
-
Adds Run key to start application
-
Drops file in System32 directory
-