General

  • Target

    103f89102b555972c2d4dd7e43d914bc_JaffaCakes118

  • Size

    11KB

  • Sample

    241003-x68jaawdra

  • MD5

    103f89102b555972c2d4dd7e43d914bc

  • SHA1

    3de992a854db49da33f322e147a889949d53d6b1

  • SHA256

    3c5f95836a35405a1f1a24a2fef4819403adfaa614c38daa88056bf443232a5d

  • SHA512

    0b74010fa0c88f4ff058e27412c48de67a65bba0cdff6e1eee3793dcf679b6c349174f5d2522335ab97a3d4ea7fa1ab3599fccaf7b447ca4900b3a3fb259c264

  • SSDEEP

    192:nzdrr1FG1WDCgmjPZulJYm0Sg3BCEiZMsr1u0KKYfUA:nprr1gkDCgSyiCrFuvtfB

Targets

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware family first seen in 2020.

    • Renames multiple (2207) files with added filename extension

      This suggests ransomware activity: the files on the system are being encrypted and renamed.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15