General

  • Target

    115cca6a089868bf2ba2387be8ead76f_JaffaCakes118

  • Size

    13KB

  • Sample

    241004-cd65jaybpj

  • MD5

    115cca6a089868bf2ba2387be8ead76f

  • SHA1

    38a9905b7f4d34d094fc4f91a2906eacfc004146

  • SHA256

    cd5c48296c6929f64152721fa4c79e4870386476b768a0da70cd72faa3bc7b73

  • SHA512

    2e53d1059779489e9e77819dd880638299d4f418c261e4b721d21e62a78b42486287e1a286139692f42d6c3db315543265ec0137029c448d96810bbae57d2113

  • SSDEEP

    384:H/beRWGOUNBkIcfwiHgPBH+PZVFFvtRB:HDyPOUNKIcfwic+PZVF

Malware Config

Targets

    • Target

      115cca6a089868bf2ba2387be8ead76f_JaffaCakes118

    • Size

      13KB

    • MD5

      115cca6a089868bf2ba2387be8ead76f

    • SHA1

      38a9905b7f4d34d094fc4f91a2906eacfc004146

    • SHA256

      cd5c48296c6929f64152721fa4c79e4870386476b768a0da70cd72faa3bc7b73

    • SHA512

      2e53d1059779489e9e77819dd880638299d4f418c261e4b721d21e62a78b42486287e1a286139692f42d6c3db315543265ec0137029c448d96810bbae57d2113

    • SSDEEP

      384:H/beRWGOUNBkIcfwiHgPBH+PZVFFvtRB:HDyPOUNKIcfwic+PZVF

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware first seen in 2020.

    • Renames multiple (2207) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks