General
-
Target
5d8c6e9022da9cdde7c83e500bc09660_JaffaCakes118
-
Size
39KB
-
Sample
241019-tzmrfsxfmp
-
MD5
5d8c6e9022da9cdde7c83e500bc09660
-
SHA1
fc8679bea044346912f09ff17ded0caf53af9b07
-
SHA256
e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392
-
SHA512
373ca7cbcb63d1cd4bf33be6c524a8104781a714aaa0d50991cabfe746143ca18f355a592f681128ffb829fe82d7f5e3f4d2d5e956a520f2d4b9a7645f37e4ed
-
SSDEEP
384:HebFNw4Pk1itKkpAjjalraxkqYvjSXkDCgSZWQbxpwMB:H0FmBkpKj1xnY7fDCpHxpF
Malware Config
Targets
-
-
Target
5d8c6e9022da9cdde7c83e500bc09660_JaffaCakes118
-
Size
39KB
-
MD5
5d8c6e9022da9cdde7c83e500bc09660
-
SHA1
fc8679bea044346912f09ff17ded0caf53af9b07
-
SHA256
e520e80d78251c93a6ab15bcca6217d111075d0e218c2b571cdc5dc5d981d392
-
SHA512
373ca7cbcb63d1cd4bf33be6c524a8104781a714aaa0d50991cabfe746143ca18f355a592f681128ffb829fe82d7f5e3f4d2d5e956a520f2d4b9a7645f37e4ed
-
SSDEEP
384:HebFNw4Pk1itKkpAjjalraxkqYvjSXkDCgSZWQbxpwMB:H0FmBkpKj1xnY7fDCpHxpF
Score10/10-
Detected Xorist Ransomware
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Renames multiple (2199) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-