General
Target: 076af55038a2ca25f00860ba383bf2b3_JaffaCakes118
Size: 7KB
Sample: 241001-zwzvhatgrb
MD5: 076af55038a2ca25f00860ba383bf2b3
SHA1: 22916861e05327fbe2f4dd11d2cbd1fa4de751ff
SHA256: 0de568ae32fea692fd9e1ab6d7accc1e35405372813a54a5182053f3c55ea617
SHA512: 77e090114d98961a082eaf06da7c21cd7db92e72a4c13affccbae90e506d326533bcfbbccdbb8718874ef1de2a9c04261f6e7cc8283809cf9529380cffbf0169
SSDEEP: 192:Bzdrr1FG1WDCgmjPZSy0BA8xtE/5eG1mMUA:Bprr1gkDCgSswmaeGAMB
Behavioral task: behavioral1
Sample: 076af55038a2ca25f00860ba383bf2b3_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 076af55038a2ca25f00860ba383bf2b3_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: 076af55038a2ca25f00860ba383bf2b3_JaffaCakes118
- Detected Xorist Ransomware
- Renames multiple (2523) files with added filename extension
  This suggests ransomware activity that encrypts all the files on the system.
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory