General

  • Target

    6a3617e86953e7f4b177ead1c84f71f6_JaffaCakes118

  • Size

    7KB

  • Sample

    241022-nbt8qstgpr

  • MD5

    6a3617e86953e7f4b177ead1c84f71f6

  • SHA1

    60ec0fecd409b5d9cdcb7e09bb9d692e2a6746ec

  • SHA256

    9e26ae8f25bc652990615b37c49724377bd9e07a2bc3cfb9c9d9ef19a59b8a98

  • SHA512

    dfc16fb2efe581506d943f4e1ce1926b5ca28133012d9ae51393111f90895587610cbf65e626051fcd30ec54f80e098553946b081510f85f3a785b18cb976321

  • SSDEEP

    96:1yZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihEx/XAHwINBXlqlDmMUA:4zdrr1FG1WDCgmjPZ/XijNVlYmMUA

Targets

    • Target

      6a3617e86953e7f4b177ead1c84f71f6_JaffaCakes118

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware first seen in 2020.

    • Renames multiple (2203) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.
