General
-
Target
0d20e6aa3159f6835ce0756d8f710929_JaffaCakes118
-
Size
7KB
-
Sample
241003-ay2dnsyfnd
-
MD5
0d20e6aa3159f6835ce0756d8f710929
-
SHA1
dde70ab8312fcc9bb90bc45ac5ae13484f4bc45d
-
SHA256
e297ed65badde263439d03895d0443247024614c15b014c3e83b0c2ec02a1beb
-
SHA512
a1033b7c55205bfc52f8ac8f3ba6ef404992d532d1f70cb9b914fd68cce8eb0050da51fe7631ceb2d29e995f3436380a165e21085de02459b741405279a77f73
-
SSDEEP
96:8RZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExxSIqjld9RhxLpHpMUA:qzdrr1FG1WDCgmjPZxSLJjxLpHpMUA
Malware Config
Targets
-
-
Target
0d20e6aa3159f6835ce0756d8f710929_JaffaCakes118
-
Size
7KB
-
MD5
0d20e6aa3159f6835ce0756d8f710929
-
SHA1
dde70ab8312fcc9bb90bc45ac5ae13484f4bc45d
-
SHA256
e297ed65badde263439d03895d0443247024614c15b014c3e83b0c2ec02a1beb
-
SHA512
a1033b7c55205bfc52f8ac8f3ba6ef404992d532d1f70cb9b914fd68cce8eb0050da51fe7631ceb2d29e995f3436380a165e21085de02459b741405279a77f73
-
SSDEEP
96:8RZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExxSIqjld9RhxLpHpMUA:qzdrr1FG1WDCgmjPZxSLJjxLpHpMUA
Score10/10-
Detected Xorist Ransomware
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Renames multiple (5879) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-