General

  • Target

    647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118

  • Size

    7KB

  • Sample

    241020-2xhcysxanl

  • MD5

    647ea27f3cbaa4a260f9b349431be8fc

  • SHA1

    26cc7092a922367b56c0d3a7be4bc2c8bdf1e81f

  • SHA256

    732008298cfd71dba174d801c1544630f27d4329aad84072201ae6f3a9153a7c

  • SHA512

    6f84010260edb78ed6a892db3e36a4a8df5b9e76ab247728e5f88dec494d8bd986945ab6bf13c3cc912a1506a0cc82eaadb3d8786334a0dd5f4fd9b71f5607c6

  • SSDEEP

    96:5mMbv5xZxkQuKBW7Dm4p8/UDqpdONfG7NpH1w5kO2LgKQtQTLIQi1XDHxMUA:xb12QuKByDo/m/NMsQQtQTl4LxMUA

Malware Config

Targets

    • Target

      647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118

    • Size

      7KB

    • MD5

      647ea27f3cbaa4a260f9b349431be8fc

    • SHA1

      26cc7092a922367b56c0d3a7be4bc2c8bdf1e81f

    • SHA256

      732008298cfd71dba174d801c1544630f27d4329aad84072201ae6f3a9153a7c

    • SHA512

      6f84010260edb78ed6a892db3e36a4a8df5b9e76ab247728e5f88dec494d8bd986945ab6bf13c3cc912a1506a0cc82eaadb3d8786334a0dd5f4fd9b71f5607c6

    • SSDEEP

      96:5mMbv5xZxkQuKBW7Dm4p8/UDqpdONfG7NpH1w5kO2LgKQtQTLIQi1XDHxMUA:xb12QuKByDo/m/NMsQQtQTl4LxMUA

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware first seen in 2020.

    • Renames multiple (2191) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks