General
-
Target
6a3617e86953e7f4b177ead1c84f71f6_JaffaCakes118
-
Size
7KB
-
Sample
241022-nbt8qstgpr
-
MD5
6a3617e86953e7f4b177ead1c84f71f6
-
SHA1
60ec0fecd409b5d9cdcb7e09bb9d692e2a6746ec
-
SHA256
9e26ae8f25bc652990615b37c49724377bd9e07a2bc3cfb9c9d9ef19a59b8a98
-
SHA512
dfc16fb2efe581506d943f4e1ce1926b5ca28133012d9ae51393111f90895587610cbf65e626051fcd30ec54f80e098553946b081510f85f3a785b18cb976321
-
SSDEEP
96:1yZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihEx/XAHwINBXlqlDmMUA:4zdrr1FG1WDCgmjPZ/XijNVlYmMUA
Behavioral task
behavioral1
Sample
6a3617e86953e7f4b177ead1c84f71f6_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
6a3617e86953e7f4b177ead1c84f71f6_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
6a3617e86953e7f4b177ead1c84f71f6_JaffaCakes118
-
Detected Xorist Ransomware
-
Renames multiple (2203) files with added filename extension
This suggests ransomware activity, namely encrypting all the files on the system.
-
Drops file in Drivers directory
-
Drops startup file
-
Adds Run key to start application
-
Drops file in System32 directory
-