General

  • Target

    56a19e5b14e69a5026c51d53198ad0bf_JaffaCakes118

  • Size

    39KB

  • Sample

    241018-k9jccayfjc

  • MD5

    56a19e5b14e69a5026c51d53198ad0bf

  • SHA1

    5eb79a58f2ec1681a91299fe924e476ee7ce23b1

  • SHA256

    4c3a79e665b140217270e151cfbed8144b843e88fa0944caaea64ac6d880baf8

  • SHA512

    a14970cdc5359199c58e555b506ce6ef15c2edbb7ce9b12b40f3ba7059527ab9e66421a78aafcbd8ae2f58908d1d070bfc7ab552e97b67b7c642e425bda92b35

  • SSDEEP

    384:jrFjn2LitKkpArp6lrzF6qYvjSEtVHEF8VuPMB:jIDkpypAY7/xnVD

Malware Config

Targets

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware family first seen in 2020.

    • Renames multiple (2197) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks