General

  • Target

    26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118

  • Size

    115KB

  • Sample

    241008-2wmahswakp

  • MD5

    26b5b579551b88501d8997d8a6b9acb0

  • SHA1

    01a917f315ef1c1cda1adf913f9ff5f6be8916e9

  • SHA256

    55ee01d87bed54d1df327058d655c35ac422e70c2e287ba3b086128fdf2724b9

  • SHA512

    1c5c3828f22e89761842f0f061941a526835be5a13eae557d4337bbf172e6ef521d36059be1f28027d27cfb26dd1cfc64a70088bfb3c9c60ebf03f67328daa1b

  • SSDEEP

    768:JV6pJbqz6c8CS+kzx8J4N6+qduTRvU7tCLP2kRPKIWhUNMD:J8pJOS+U8mN6+VU7tCLUIQIMD

Malware Config

Targets

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware family first seen in 2020.

    • Renames multiple (2208) files with added filename extension

      This suggests ransomware activity: the sample is encrypting the files on the system.

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks