General

  • Target

    0fbf8c91afd09939c5ad7edc5ebb3c62_JaffaCakes118

  • Size

    7KB

  • Sample

    241003-vjjkjaweqk

  • MD5

    0fbf8c91afd09939c5ad7edc5ebb3c62

  • SHA1

    a13a0edaf4b9619d594ea661f210d398bb48ff9e

  • SHA256

    a3ab525165a12084496992acc2e98b6acab1d89ec60f40faac5103090b0c9d6c

  • SHA512

    8fb679351d55c7af5a592f5532d004a827d04ae14c42b25726402876428ff50a679656ed845a8b8d661952af9ad1da76497598a7bfc58e02dd769907c50cff40

  • SSDEEP

    192:Cxzdrr1FG1WDCgmjPZUCFiwmNVlxGMUA:sprr1gkDCgS9FiwcAMB

Malware Config

Targets

    • Target

      0fbf8c91afd09939c5ad7edc5ebb3c62_JaffaCakes118

    • Size

      7KB

    • MD5

      0fbf8c91afd09939c5ad7edc5ebb3c62

    • SHA1

      a13a0edaf4b9619d594ea661f210d398bb48ff9e

    • SHA256

      a3ab525165a12084496992acc2e98b6acab1d89ec60f40faac5103090b0c9d6c

    • SHA512

      8fb679351d55c7af5a592f5532d004a827d04ae14c42b25726402876428ff50a679656ed845a8b8d661952af9ad1da76497598a7bfc58e02dd769907c50cff40

    • SSDEEP

      192:Cxzdrr1FG1WDCgmjPZUCFiwmNVlxGMUA:sprr1gkDCgS9FiwcAMB

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware first seen in 2020.

    • Renames multiple (2207) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks