General

  • Target

    46f19e1e156b92cefc027a98963034e2_JaffaCakes118

  • Size

    22KB

  • Sample

    241015-k69ecswdlf

  • MD5

    46f19e1e156b92cefc027a98963034e2

  • SHA1

    1812b0a69a7c4af7761d3de6e090cf2986d513da

  • SHA256

    1f1703a81fb5ce266c5830a4a5d0061e468f7de0446be7d99df6cdc87d357195

  • SHA512

    51c663e30950b60ae3d9bb51692fa7a0133da69723130fbe1d99876effe556301f5d5443cd9e183666304b191e504da0241a1e0c41dd4371f1443050c103503d

  • SSDEEP

    384:aprr1gkDCgSqzagqdVNGiJnybY5QYTTszAL1ODq77xbxb+7RzsnB:ArVDC6zaVyb6Q4TRZOG7xxy7y

Malware Config

Targets

    • Target

      46f19e1e156b92cefc027a98963034e2_JaffaCakes118

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware family first seen in 2020.

    • Renames multiple (2188) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks