General

  • Target

    076af55038a2ca25f00860ba383bf2b3_JaffaCakes118

  • Size

    7KB

  • Sample

    241001-zwzvhatgrb

  • MD5

    076af55038a2ca25f00860ba383bf2b3

  • SHA1

    22916861e05327fbe2f4dd11d2cbd1fa4de751ff

  • SHA256

    0de568ae32fea692fd9e1ab6d7accc1e35405372813a54a5182053f3c55ea617

  • SHA512

    77e090114d98961a082eaf06da7c21cd7db92e72a4c13affccbae90e506d326533bcfbbccdbb8718874ef1de2a9c04261f6e7cc8283809cf9529380cffbf0169

  • SSDEEP

    192:Bzdrr1FG1WDCgmjPZSy0BA8xtE/5eG1mMUA:Bprr1gkDCgSswmaeGAMB

Targets

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware family first seen in 2020.

    • Renames multiple (2523) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
