General

  • Target

    0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118

  • Size

    89KB

  • Sample

    241003-kzzxcavfjj

  • MD5

    0ee053ab4b7a3f3d1c89a409cd518650

  • SHA1

    d51c35fadebf4927cf2ca1f52636eb2a67536914

  • SHA256

    7a52a1d1e772dd1c96d99cf859519228235e245d240d891cf529c3ba698689d1

  • SHA512

    95d1ed6edf8a72a4452747c600a94b76f09a2ea104a7166178af58e122e654f6f3cb797b6dc026525cd1d23b8dd638ae508afe8b58a2d069293e70567471afa7

  • SSDEEP

    768:brVDCBfXttVayxWxZ2x2EKLjYef+uCEPQfGpd3ALXRGO1bFsR866En+O+iPU+3:br4BfXt75M2V2f+ffGQzRbtFO8616is

Malware Config

Targets

    • Target

      0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118

    • Size

      89KB

    • MD5

      0ee053ab4b7a3f3d1c89a409cd518650

    • SHA1

      d51c35fadebf4927cf2ca1f52636eb2a67536914

    • SHA256

      7a52a1d1e772dd1c96d99cf859519228235e245d240d891cf529c3ba698689d1

    • SHA512

      95d1ed6edf8a72a4452747c600a94b76f09a2ea104a7166178af58e122e654f6f3cb797b6dc026525cd1d23b8dd638ae508afe8b58a2d069293e70567471afa7

    • SSDEEP

      768:brVDCBfXttVayxWxZ2x2EKLjYef+uCEPQfGpd3ALXRGO1bFsR866En+O+iPU+3:br4BfXt75M2V2f+ffGQzRbtFO8616is

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a builder-generated ransomware family that has circulated since at least 2010 (the sandbox signature text dates it to 2020); each build carries its own hardcoded key and appended extension, and free decryptors exist for many variants.

    • Renames multiple (2197) files with added filename extension

      Appending an extension to thousands of files in one run is the hallmark of mass encryption; the added extension is usually the ransomware's marker for already-encrypted files.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers commonly harvest browser profile data (saved credentials, cookies, session tokens). For a ransomware sample this read may simply be the encryptor walking the profile directory, so treat it as corroborating rather than conclusive.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX (or a modified UPX build), the open-source packer; packing hides the real code from static inspection until the sample is unpacked.
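The signatures listed above (mass rename with an added extension, Run key persistence, drops into System32 and the drivers directory, UPX packing) are simple enough to re-implement. The following is an added example written for this page, not the sandbox's own signature code: it runs the same checks over a constructed, simplified event stream and over a constructed minimal PE header. The event tuple shape, the rename threshold and the sample paths are assumptions for illustration; the only file-format facts used are the documented PE header offsets.

```python
"""Behavioural signature checks, re-implemented over constructed sandbox-style
events. Event shape, threshold and paths are assumptions for this example."""
import ntpath
import struct
from collections import Counter

# Constructed sample events (not from the report) in the shape this example assumes:
# ("rename", old_path, new_path) / ("create", path) / ("regset", key, value_name, data)
SAMPLE_EVENTS = [
    ("rename", r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report.docx.locked"),
    ("rename", r"C:\Users\Admin\Pictures\cat.jpg", r"C:\Users\Admin\Pictures\cat.jpg.locked"),
    ("rename", r"C:\Users\Admin\Music\song.mp3", r"C:\Users\Admin\Music\song.mp3.locked"),
    ("rename", r"C:\Users\Admin\Desktop\old.txt", r"C:\Users\Admin\Desktop\new.txt"),  # ordinary rename
    ("create", r"C:\Windows\System32\drivers\etc\hosts.tmp"),
    ("create", r"C:\Windows\System32\svchosts.exe"),
    ("create", r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\run.exe"),
    ("regset", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater", r"C:\Windows\System32\svchosts.exe"),
]

RENAME_THRESHOLD = 3  # assumed threshold; the report's signature fired on 2197 files


def added_extension_renames(events):
    """Count renames whose new name is the old name plus one more extension,
    keyed by that extension. Renames that change the stem are ignored."""
    counts = Counter()
    for ev in events:
        if ev[0] == "rename" and ev[2].startswith(ev[1] + "."):
            counts[ev[2][len(ev[1]):]] += 1
    return counts


def detect_mass_rename(events, threshold=RENAME_THRESHOLD):
    """Extensions appended to at least `threshold` files: the mass-encryption signal."""
    return {ext: n for ext, n in added_extension_renames(events).items() if n >= threshold}


def detect_run_key(events):
    """Registry writes under ...\\CurrentVersion\\Run (HKCU or HKLM) give persistence."""
    run_suffix = r"\software\microsoft\windows\currentversion\run"
    return [(ev[1], ev[2], ev[3]) for ev in events
            if ev[0] == "regset" and ev[1].lower().endswith(run_suffix)]


def classify_drops(events):
    """Bucket file creations by the report's three drop locations. The drivers
    directory lives under System32, so a drivers drop counts in both buckets."""
    system32 = r"c:\windows\system32"
    out = {"system32": [], "drivers": [], "startup": []}
    for ev in events:
        if ev[0] != "create":
            continue
        d = ntpath.dirname(ev[1].lower())
        if d.startswith(system32):
            out["system32"].append(ev[1])
        if d.startswith(system32 + "\\drivers"):
            out["drivers"].append(ev[1])
        if "\\start menu\\programs\\startup" in d:
            out["startup"].append(ev[1])
    return out


def pe_section_names(data):
    """Parse just enough of a PE image to return its section names:
    e_lfanew at 0x3C, COFF header after the PE signature, 40-byte section entries."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("bad PE signature")
    n_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    return [data[table + 40 * i:table + 40 * i + 8].rstrip(b"\x00").decode("ascii", "replace")
            for i in range(n_sections)]


def looks_upx_packed(data):
    """Stock UPX leaves UPX0/UPX1/UPX2 section names. A modified build that
    renames its sections evades this name-only check; entropy is the fallback."""
    return any(name.upper().startswith("UPX") for name in pe_section_names(data))


def build_fake_pe(section_names):
    """Constructed minimal PE for testing: DOS header, PE signature, COFF header,
    zeroed optional header and a section table carrying the given names."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    sections = b"".join(n.encode().ljust(8, b"\x00") + b"\x00" * 32 for n in section_names)
    return dos + b"PE\x00\x00" + coff + b"\x00" * opt_size + sections


if __name__ == "__main__":
    print("mass rename:", detect_mass_rename(SAMPLE_EVENTS))
    print("run keys:", detect_run_key(SAMPLE_EVENTS))
    print("drops:", classify_drops(SAMPLE_EVENTS))
    print("UPX sections:", looks_upx_packed(build_fake_pe(["UPX0", "UPX1", ".rsrc"])))
```

The rename check deliberately keys on "new name == old name + extension" rather than on any rename, which is what separates encryption from a user renaming a file; the UPX check is name-based only, so a repacked sample with renamed sections needs a section-entropy check instead.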

MITRE ATT&CK Enterprise v15

Tasks