General

  • Target

    0dcdb939e8524ce89fdfb91a2e675e93_JaffaCakes118

  • Size

    21KB

  • Sample

    241003-eje94sxbqg

  • MD5

    0dcdb939e8524ce89fdfb91a2e675e93

  • SHA1

    a68934aed2b0a430dab8f7ef3a960218faebe583

  • SHA256

    b7aefaf5b83cb8ad0dcb2a5b88d727e1375f54239c009a921a40145952d35573

  • SHA512

    92626161d11c09c8b1fd97fd0ac5185ba981f75ea09b5f205fefbb00e3127ec14d47d28ec3da5f471005ce676cb78ce263e1ad16fc994749a8fb02587665daf1

  • SSDEEP

    384:R4oZDeeumrKCZ1swbbVC2aJ2mO1yq314ZBfprXo0uLpRgMcBi8e/tmBciGN:R9Qe1sIbwOIq3GprXoTLpMeFIctN

Targets

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware family first seen in 2020.

    • Renames multiple (2188) files with added filename extension

      This suggests ransomware activity, i.e. encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext