General

  • Target

    7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118

  • Size

    7KB

  • Sample

    241028-djjrvsyeqf

  • MD5

    7757b8c71e1bffb96022dddd0fa84fb8

  • SHA1

    2821b0a5eb311010a982c4bef0bdfa025ccec947

  • SHA256

    3fa40d13414535a809b97e887b565841230af69a5d49b5fafd7cb31dd70a3d16

  • SHA512

    f9dc1d089b755b2a44db352cb02c07acdd48665ed26565590f8a3935fcba89e5002a68f8e5649aa1bc01a5b0add5b2e25f1b9e6bb3c5393f4f481117d59548b1

  • SSDEEP

    96:lXZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihEx8BDCyp97phPDRMUA:dzdrr1FG1WDCgmjPZ0Dh1LRMUA

Malware Config

Targets

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware family first seen in 2020.

    • Xorist family

    • Renames multiple (2193) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks