General

  • Target

    177068f72d69a4594bc3721fc9c1d6f0_JaffaCakes118

  • Size

    7KB

  • Sample

    241005-m85kas1drj

  • MD5

    177068f72d69a4594bc3721fc9c1d6f0

  • SHA1

    a24fe2857a2386e2413afa1c7476110cfa7319b9

  • SHA256

    119b55447703c19541eddb96500760104893a136faaf87b46c2871c5a1e7d926

  • SHA512

    de8b5f7155f330d60d17d07c6517285638148392c189e5c8470e1ded83ccf16b10d7499cb2994aed5d514d5fedc980f72bf7901dc98d62e8220abea6db3c79d3

  • SSDEEP

    192:czdrrOFG1WDCgmjPZPxLTLzdtPJftqGMUA:cprrOgkDCgS/HTFtPMB

Malware Config

Targets

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware family first seen in 2020.

    • Renames multiple (2214) files with added filename extension

      This suggests ransomware activity: the sample is encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks