General
-
Target
46f19e1e156b92cefc027a98963034e2_JaffaCakes118
-
Size
22KB
-
Sample
241015-k69ecswdlf
-
MD5
46f19e1e156b92cefc027a98963034e2
-
SHA1
1812b0a69a7c4af7761d3de6e090cf2986d513da
-
SHA256
1f1703a81fb5ce266c5830a4a5d0061e468f7de0446be7d99df6cdc87d357195
-
SHA512
51c663e30950b60ae3d9bb51692fa7a0133da69723130fbe1d99876effe556301f5d5443cd9e183666304b191e504da0241a1e0c41dd4371f1443050c103503d
-
SSDEEP
384:aprr1gkDCgSqzagqdVNGiJnybY5QYTTszAL1ODq77xbxb+7RzsnB:ArVDC6zaVyb6Q4TRZOG7xxy7y
Behavioral task
behavioral1
Sample
46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
46f19e1e156b92cefc027a98963034e2_JaffaCakes118
-
Size
22KB
-
MD5
46f19e1e156b92cefc027a98963034e2
-
SHA1
1812b0a69a7c4af7761d3de6e090cf2986d513da
-
SHA256
1f1703a81fb5ce266c5830a4a5d0061e468f7de0446be7d99df6cdc87d357195
-
SHA512
51c663e30950b60ae3d9bb51692fa7a0133da69723130fbe1d99876effe556301f5d5443cd9e183666304b191e504da0241a1e0c41dd4371f1443050c103503d
-
SSDEEP
384:aprr1gkDCgSqzagqdVNGiJnybY5QYTTszAL1ODq77xbxb+7RzsnB:ArVDC6zaVyb6Q4TRZOG7xxy7y
-
Detected Xorist Ransomware
-
Renames multiple (2188) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Drops startup file
-
Adds Run key to start application
-
Drops file in System32 directory
-