General

  • Target

    142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118

  • Size

    6KB

  • Sample

    241004-vgg9pavgpp

  • MD5

    142dee4d0f5e7f5cef251ce32bc0052f

  • SHA1

    9ab68b46167b0aed7cb3eacc2ca7a1804b185955

  • SHA256

    05e2eebed0f975898406d5ccde2c7b84806efe7c89ae051c1756df2670a3aada

  • SHA512

    95d6159c79a323f430ecb4f32fb7c1f5a677839d5a1e3d0e9c5707997d2f20875c988a196f9448e4a4a5308431e6daa315736aad16b4b945fe9fe3478386abd1

  • SSDEEP

    96:q1Zhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExnPnhAillj7jRmW+/bOo:Mzdrr1FG1WDCgmjPZ5vlXMVOTMUA

Malware Config

Targets

    • Target

      142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118

    • Size

      6KB

    • MD5

      142dee4d0f5e7f5cef251ce32bc0052f

    • SHA1

      9ab68b46167b0aed7cb3eacc2ca7a1804b185955

    • SHA256

      05e2eebed0f975898406d5ccde2c7b84806efe7c89ae051c1756df2670a3aada

    • SHA512

      95d6159c79a323f430ecb4f32fb7c1f5a677839d5a1e3d0e9c5707997d2f20875c988a196f9448e4a4a5308431e6daa315736aad16b4b945fe9fe3478386abd1

    • SSDEEP

      96:q1Zhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExnPnhAillj7jRmW+/bOo:Mzdrr1FG1WDCgmjPZ5vlXMVOTMUA

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware first seen in 2020.

    • Renames multiple (2114) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks