General

  • Target

    0d3db8fc7b4e9c299e613cdf2809e840_JaffaCakes118

  • Size

    40KB

  • Sample

    241003-bh19eazgjf

  • MD5

    0d3db8fc7b4e9c299e613cdf2809e840

  • SHA1

    53d4fe38e838e009dc0bbde5209be3d939059894

  • SHA256

    bb2af509e0c550876fcc7b44b052f9fd9e76a872dfbdd5c9ea987fc9fa335a9f

  • SHA512

    65d0b9fcd86afa1dc354599c53b78be7b28b7c0450a53b2a7d43e6ad35971846ab82c75bb654015e72ba19562a60063edf68c864c55dcc3d6355f7ae30f7068e

  • SSDEEP

    384:BebFNw4Pk1itKkpAjjalrU5BrJEqYvjS7kDCgSl8HXMB:B0FmBkpKj7BY77DC1ek

Malware Config

Targets

    • Target

      0d3db8fc7b4e9c299e613cdf2809e840_JaffaCakes118

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a builder-generated ransomware family: the operator picks the cipher (XOR or TEA), the password, the appended file extension and the ransom note text, so those indicators differ from build to build and decryptors exist for many of them. The family predates 2020 by several years; the "first seen in 2020" wording is the sandbox signature's own timeframe, not the family's origin.

    • Renames multiple (2204) files with added filename extension

      2204 files were renamed during the run, each with an extra extension appended to its original name. A burst of same-extension renames across the user's directories is the classic ransomware encryption pattern. The sandbox counts renames, not verified encryptions, so confirm on a few of the renamed files that the contents changed as well as the name.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and cookies. For a ransomware sample, however, this is more likely the encryption loop walking the browser profile directory (the credential and history databases are ordinary files under the user profile) than deliberate credential theft; check whether those files were renamed like the rest rather than read and sent out.

    • Adds Run key to start application

      Together with the dropped startup file this gives the sample persistence: the Run key value relaunches it at the next logon, so both the key and the file it points to need to be removed during cleanup.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it. Stock UPX can usually be unpacked with `upx -d`; a modified build (renamed sections, patched headers) will fail that and needs manual unpacking, so strings and imports read from the packed file should not be taken at face value.
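As an added example (not the sandbox's code and not code from the sample), the script below shows how an analyst would operationalise two of the signatures above: a static check for UPX section names on a PE image, and a detection that correlates a burst of same-extension renames with a Run-key write, run over constructed Sysmon-style event lines. The fake PE image, the event format, the pids and the `.EnCiPhErEd` extension are all made up for the demo; real Sysmon output is XML or JSON and would be parsed by field rather than by regex.

```python
"""Triage helpers matching two kinds of signature in the report above.

Constructed example code, not part of the sandbox report or of the Xorist
family. All sample data below (the fake PE image and the event lines) is
made up for the demo.
"""
import re
import struct
from collections import defaultdict

# --- static: UPX section-name check on a PE image ----------------------------

def pe_section_names(data: bytes) -> list:
    """Walk the MZ/PE headers and return the section names in table order."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER starts here
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i:table + 40 * i + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names

def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1 (UPX2 when present). Modified
    builds often rename them, so False here does not prove the file is clean."""
    return any(name.startswith("UPX") for name in pe_section_names(data))

def build_fake_pe(section_names):
    """Constructed minimal PE32 header (not runnable code) for the demo."""
    e_lfanew, opt_size = 0x40, 0xE0
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    image = dos + b"PE\0\0" + coff + b"\0" * opt_size
    for name in section_names:
        image += name.encode().ljust(8, b"\0") + b"\0" * 32   # 40-byte entry
    return image

# --- dynamic: rename burst + Run key ------------------------------------------

# Constructed Sysmon-style events: "<seconds> <pid> <RENAME|REGSET> <details>".
# pid 4120 behaves like the sample; pid 777 is a backup tool; pid 900 an installer.
SAMPLE_EVENTS = r"""
0 4120 RENAME C:\Users\bob\Documents\q1.xlsx -> C:\Users\bob\Documents\q1.xlsx.EnCiPhErEd
1 4120 RENAME C:\Users\bob\Pictures\cat.jpg -> C:\Users\bob\Pictures\cat.jpg.EnCiPhErEd
2 4120 RENAME C:\Users\bob\Desktop\notes.txt -> C:\Users\bob\Desktop\notes.txt.EnCiPhErEd
3 4120 REGSET HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Winlogin = C:\Users\bob\AppData\Roaming\svc.exe
5 777 RENAME C:\Backups\db.sql -> C:\Backups\db.sql.bak
6 777 RENAME C:\Backups\cfg.ini -> C:\Backups\cfg.ini.bak
9 900 REGSET HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater = C:\Program Files\Vendor\upd.exe
"""

EVENT_RE = re.compile(r"^(\d+) (\d+) (RENAME|REGSET) (.*)$")
RUN_KEY = "\\CurrentVersion\\Run\\"

def detect_ransomware(events: str, min_renames: int = 3, window_s: int = 60) -> dict:
    """Flag a pid that (a) renames >= min_renames files within window_s seconds,
    each keeping its name and gaining the same new extension, and (b) writes a
    Run key at any point in the trace. Returns {pid: appended_extension}."""
    renames = defaultdict(list)              # pid -> [(t, appended_ext)]
    run_key_pids = set()
    for line in events.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        t, pid, kind, detail = int(m[1]), int(m[2]), m[3], m[4]
        if kind == "REGSET":
            if RUN_KEY in detail:
                run_key_pids.add(pid)
            continue
        src, _, dst = detail.partition(" -> ")
        if dst.startswith(src + "."):        # original name intact, extension appended
            renames[pid].append((t, dst[len(src):]))
    hits = {}
    for pid, items in renames.items():
        if pid not in run_key_pids:
            continue
        items.sort()
        for i, (t0, ext) in enumerate(items):
            burst = [e for t, e in items[i:] if t - t0 <= window_s]
            if burst.count(ext) >= min_renames:
                hits[pid] = ext
                break
    return hits

if __name__ == "__main__":
    print("UPX-like image:", looks_upx_packed(build_fake_pe(["UPX0", "UPX1", ".rsrc"])))
    print("Flagged pids:", detect_ransomware(SAMPLE_EVENTS))
```

The rename check deliberately requires the original name to survive with an extension appended, which matches the report's "added filename extension" signature and excludes ordinary renames; the backup tool's `.bak` renames are not flagged because that process never touches a Run key, and the installer's Run key alone is not enough without the rename burst.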

MITRE ATT&CK Enterprise v15

Tasks