General

  • Target

    0db31955e3dc63769545a494d23cb356_JaffaCakes118

  • Size

    137KB

  • Sample

    241003-dzta8sscpn

  • MD5

    0db31955e3dc63769545a494d23cb356

  • SHA1

    53799e1ba3cd3b2d24f225e7785864b54f7581aa

  • SHA256

    c426a40d0495cb8bbb413d91501ea9907bd85b12be901e07c358555ad1c98aa5

  • SHA512

    3efb45ea260e30815f28d8504b5c8cf6594e0df7f918d8ae849fb87b1f1fb9b9353ac2370e629cd854b0a5e1155f618e947c663c97670182a264f33631a34fd3

  • SSDEEP

    3072:bUQvMazs2YGHHAhVd1nut+uV2mTVDjFwkWl176jZ1hCagdjvBl:XQ2rH6VdRQ/vqkg1gEagdjZ

Malware Config

Targets

    • Target

      0db31955e3dc63769545a494d23cb356_JaffaCakes118

    • Size

      137KB

    • MD5

      0db31955e3dc63769545a494d23cb356

    • SHA1

      53799e1ba3cd3b2d24f225e7785864b54f7581aa

    • SHA256

      c426a40d0495cb8bbb413d91501ea9907bd85b12be901e07c358555ad1c98aa5

    • SHA512

      3efb45ea260e30815f28d8504b5c8cf6594e0df7f918d8ae849fb87b1f1fb9b9353ac2370e629cd854b0a5e1155f618e947c663c97670182a264f33631a34fd3

    • SSDEEP

      3072:bUQvMazs2YGHHAhVd1nut+uV2mTVDjFwkWl176jZ1hCagdjvBl:XQ2rH6VdRQ/vqkg1gEagdjZ

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware first seen in 2020.

    • Renames multiple (734) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks