xorist | 68a6624d0f915f8f33d3e1f674a5f1c7f2a526310cf5c123ee1cd0adcc5c2c20 | Triage

Sharing

General

Target

4ed9d2a15fba429cac086d6633eb7092_JaffaCakes118
Size

114KB
Sample

241016-y62amsvbmk
MD5

4ed9d2a15fba429cac086d6633eb7092
SHA1

b570e1749664058a8d1f939c1bd62687e4e34914
SHA256

68a6624d0f915f8f33d3e1f674a5f1c7f2a526310cf5c123ee1cd0adcc5c2c20
SHA512

092065cebf24904f8106be84a7a6a520104046e8648ddf0912fe7df1553ff9d5dc3f62524848e6a1fc97c5d396a143126feb110e2f64822309eba6affafd0c09
SSDEEP

3072:2D8cdhmAjNIhz7MdOuVEjVLqnyvqACIC9LX/phN:29hmt17M/E5LqyuIC9r/R

Score

10^/10

xorist discovery ransomware spyware stealer

Malware Config

Targets

- Target
  
  4ed9d2a15fba429cac086d6633eb7092_JaffaCakes118
- Size
  
  114KB
- MD5
  
  4ed9d2a15fba429cac086d6633eb7092
- SHA1
  
  b570e1749664058a8d1f939c1bd62687e4e34914
- SHA256
  
  68a6624d0f915f8f33d3e1f674a5f1c7f2a526310cf5c123ee1cd0adcc5c2c20
- SHA512
  
  092065cebf24904f8106be84a7a6a520104046e8648ddf0912fe7df1553ff9d5dc3f62524848e6a1fc97c5d396a143126feb110e2f64822309eba6affafd0c09
- SSDEEP
  
  3072:2D8cdhmAjNIhz7MdOuVEjVLqnyvqACIC9LX/phN:29hmt17M/E5LqyuIC9r/R
Score

10^/10

xorist discovery ransomware spyware stealer
- Detected Xorist Ransomware
- Xorist Ransomware
  Xorist is a ransomware first seen in 2020.
  ransomware xorist
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xoristdiscoveryransomwarespywarestealer

behavioral2

xoristdiscoveryransomwarespywarestealer