General

  • Target

    72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118

  • Size

    16KB

  • Sample

    241024-g57mlaygjl

  • MD5

    72ac44125353f22e5e1fcbc6432c8e58

  • SHA1

    fbf12e5efb4f8ded0aba082d3855c245f13f6f21

  • SHA256

    726fcc36cfdf852f0a226228d94c6257bd04f3ee6d99b95adc6fbc255fb0f315

  • SHA512

    44cf444d8060afc8ae143fec477d9ca6a43c2abaa79b1f67c04d19e8232f2f140a97f0f1767dd0650d32a4a81284eb51c8d2ccc04e13c7570ffc940d9f773e01

  • SSDEEP

    192:azdrr1FG1WDCgmjPZJI84WgxFkuYpMa27OYYaOCIX5jj2J/e8NrXtUA:aprr1gkDCgS084xFupVg48zrXtB

Malware Config

Targets

    • Target

      72ac44125353f22e5e1fcbc6432c8e58_JaffaCakes118

    • Size

      16KB

    • MD5

      72ac44125353f22e5e1fcbc6432c8e58

    • SHA1

      fbf12e5efb4f8ded0aba082d3855c245f13f6f21

    • SHA256

      726fcc36cfdf852f0a226228d94c6257bd04f3ee6d99b95adc6fbc255fb0f315

    • SHA512

      44cf444d8060afc8ae143fec477d9ca6a43c2abaa79b1f67c04d19e8232f2f140a97f0f1767dd0650d32a4a81284eb51c8d2ccc04e13c7570ffc940d9f773e01

    • SSDEEP

      192:azdrr1FG1WDCgmjPZJI84WgxFkuYpMa27OYYaOCIX5jj2J/e8NrXtUA:aprr1gkDCgS084xFupVg48zrXtB

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware first seen in 2020.

    • Renames multiple (2193) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks