General

  • Target

    78b8376448274a254dab8c2b753cba3b_JaffaCakes118

  • Size

    363KB

  • Sample

    241028-knnd6ssngv

  • MD5

    78b8376448274a254dab8c2b753cba3b

  • SHA1

    c3465f85d2952f16b15659ed091082eeaf755846

  • SHA256

    cf4a1a733aa5f9184cff122edb817f5c2dbacff9ff3dbf661f6cb2d1a191c3fb

  • SHA512

    bb30fa58907bd7813ab1f9b082e81fb91a0e199b252284d368e3c2813615bfc30e6c2e461e19a9541733bc09743e5d17ad4ef524a72436df807c829e50af7c00

  • SSDEEP

    6144:UY/hqaY3W3TATmNeZL249z2kiiwsLCcBtlA1+cGXQ1:UYZLkTmNMT9rPwsL5vy2U

Targets

    • Target

      78b8376448274a254dab8c2b753cba3b_JaffaCakes118

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a commodity ransomware family that has been in circulation since the early 2010s. Samples are produced with a builder that lets the operator choose the cipher (XOR or TEA), the extension appended to encrypted files and the ransom note text, so the extension and note differ from sample to sample.

    • Xorist family

    • Renames multiple (2885) files with added filename extension

      Appending an extension to thousands of files in a single run is the footprint of an encryptor rewriting user data in place; the count is the number of rename operations the sandbox observed during the analysis window.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Browser profile directories hold saved credentials, cookies and session tokens, so reads of this data are a common infostealer behaviour. This signature fires on file access to those paths, so a file encryptor walking the user profile can also trigger it without exfiltrating anything.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer. The payload must be unpacked (upx -d for stock UPX, manual unpacking for modified variants) before static analysis of the code is meaningful.
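The mass-rename signature above can be reproduced from a sandbox's file-system event log. The following is an added example, not code from the report or the sandbox: it takes (old path, new path) rename events, keeps only the ones that are a pure extension append, and flags any appended extension seen at least a threshold number of times. The events, the `.EnCiPhErEd` extension and the threshold are constructed for illustration and are not taken from this sample.

```python
"""Detect the 'renames many files with an added extension' pattern.

Added example, not part of the original report. The rename events below are
constructed to resemble what a sandbox records when a Xorist-style encryptor
runs; the extension, file names and threshold are assumptions for illustration.
"""
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample of (old_path, new_path) rename events. One benign rename
# (a document saved under a new name) is mixed in with the encryptor's work.
SAMPLE_RENAMES = [
    (r"C:\Users\alice\Documents\budget.xlsx", r"C:\Users\alice\Documents\budget.xlsx.EnCiPhErEd"),
    (r"C:\Users\alice\Documents\notes.txt", r"C:\Users\alice\Documents\notes.txt.EnCiPhErEd"),
    (r"C:\Users\alice\Pictures\cat.jpg", r"C:\Users\alice\Pictures\cat.jpg.EnCiPhErEd"),
    (r"C:\Users\alice\Desktop\report.docx", r"C:\Users\alice\Desktop\report.docx.EnCiPhErEd"),
    (r"C:\Users\alice\Desktop\draft.docx", r"C:\Users\alice\Desktop\final.docx"),
]


def appended_extension(old_path: str, new_path: str):
    """Return the suffix appended to old_path to form new_path, or None.

    Only a pure append counts (new == old + ".ext" in the same directory); a
    rename that changes the base name, such as draft.docx -> final.docx, is
    not this pattern and is ignored.
    """
    old = PureWindowsPath(old_path)
    new = PureWindowsPath(new_path)
    if old.parent != new.parent:
        return None
    if not new.name.startswith(old.name + "."):
        return None
    return new.name[len(old.name):]  # keeps the leading dot, e.g. ".EnCiPhErEd"


def find_mass_extension_append(renames, threshold=3):
    """Return [(extension, count), ...] for appended extensions seen >= threshold times."""
    counts = Counter()
    for old_path, new_path in renames:
        ext = appended_extension(old_path, new_path)
        if ext is not None:
            counts[ext] += 1
    return [(ext, n) for ext, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    for ext, n in find_mass_extension_append(SAMPLE_RENAMES):
        print(f"{n} files renamed with appended extension {ext!r}: likely encryption")
```

The threshold is deliberately low for the constructed input; against a real event log the interesting signal is a single extension dominating thousands of renames, as in the 2885 reported above, while legitimate software rarely appends the same suffix to more than a handful of files.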

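The UPX signature is typically a check on PE section names (stock UPX leaves `UPX0`/`UPX1`) plus the `UPX!` marker string. As an added example, not the sandbox's own rule and not code from this report, the block below parses the DOS, COFF and section headers of a PE image and applies that check. The PE images it runs on are constructed in memory with headers only; no bytes from this sample are used, and the section-name set is an assumption about what stock and lightly modified UPX builds emit.

```python
"""Check a PE image for the section names and marker the UPX packer leaves behind.

Added example, not part of the original report. The PE images are built
in-memory with only the headers a section walk needs.
"""
import struct

# Names emitted by stock UPX; modified builds often rename these (assumption).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1"}


def pe_section_names(data: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table.

    Returns the section names in order; raises ValueError if the buffer is
    not a PE image or the section table is truncated.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, num_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    section_table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        off = section_table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True if any section carries a UPX name or the 'UPX!' marker is present."""
    names = pe_section_names(data)
    return any(n in UPX_SECTION_NAMES for n in names) or b"UPX!" in data


def build_minimal_pe(section_names):
    """Construct a header-only PE32 image with the given section names (test data)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224  # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)  # PE32 magic, rest zeroed
    sections = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return dos + b"PE\0\0" + coff + optional + sections


# Constructed inputs: one with stock UPX section names, one with a normal layout.
PACKED_SAMPLE = build_minimal_pe([b"UPX0", b"UPX1", b".rsrc"])
PLAIN_SAMPLE = build_minimal_pe([b".text", b".rdata", b".data", b".rsrc"])

if __name__ == "__main__":
    for label, image in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, pe_section_names(image), "upx" if looks_upx_packed(image) else "no upx")
```

Section names are a weak indicator on their own: a repacked or "modified UPX" build can rename sections and strip the marker, which is why the signature text above mentions modified variants. When this check is negative but the import table is nearly empty and section entropy is high, treat the file as packed anyway and unpack it dynamically.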
MITRE ATT&CK Enterprise v15