General

  • Target

    1222ed64e9e26f248791d66485906363_JaffaCakes118

  • Size

    39KB

  • Sample

    241004-gsqhjsyaml

  • MD5

    1222ed64e9e26f248791d66485906363

  • SHA1

    c65e557698063038ede9ac2c20fa08deb5a86fa3

  • SHA256

    52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c

  • SHA512

    8a29c1bd848414c84b882c899c81fab6d4e02f36f7a3c17d5c5c189a1d1fa8187fd4a6751584af85ad04c7c7fe161b7aac4b1527c7248cfbb7b0066d8155724d

  • SSDEEP

    384:1ebFNw4Pk1itKkpAjjalrhVl8MqYvjSo1OkDCgSrN1w+MB:10FmBkpKjWQPY7fDCbNin

Malware Config

Targets

    • Target

      1222ed64e9e26f248791d66485906363_JaffaCakes118

    • Size

      39KB

    • MD5

      1222ed64e9e26f248791d66485906363

    • SHA1

      c65e557698063038ede9ac2c20fa08deb5a86fa3

    • SHA256

      52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c

    • SHA512

      8a29c1bd848414c84b882c899c81fab6d4e02f36f7a3c17d5c5c189a1d1fa8187fd4a6751584af85ad04c7c7fe161b7aac4b1527c7248cfbb7b0066d8155724d

    • SSDEEP

      384:1ebFNw4Pk1itKkpAjjalrhVl8MqYvjSo1OkDCgSrN1w+MB:10FmBkpKjWQPY7fDCbNin

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware first seen in 2020.

    • Renames multiple (2214) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks