General
-
Target
647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118
-
Size
7KB
-
Sample
241020-2xhcysxanl
-
MD5
647ea27f3cbaa4a260f9b349431be8fc
-
SHA1
26cc7092a922367b56c0d3a7be4bc2c8bdf1e81f
-
SHA256
732008298cfd71dba174d801c1544630f27d4329aad84072201ae6f3a9153a7c
-
SHA512
6f84010260edb78ed6a892db3e36a4a8df5b9e76ab247728e5f88dec494d8bd986945ab6bf13c3cc912a1506a0cc82eaadb3d8786334a0dd5f4fd9b71f5607c6
-
SSDEEP
96:5mMbv5xZxkQuKBW7Dm4p8/UDqpdONfG7NpH1w5kO2LgKQtQTLIQi1XDHxMUA:xb12QuKByDo/m/NMsQQtQTl4LxMUA
Behavioral task
behavioral1
Sample
647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Detected Xorist Ransomware
-
Renames multiple (2191) files with added filename extension
This suggests ransomware activity, namely encrypting all the files on the system.
-
Drops file in Drivers directory
-
Drops startup file
-
Adds Run key to start application
-
Drops file in System32 directory
-