General

  • Target

    7dfd0cd482ce6237745b82e5355f5e90_JaffaCakes118

  • Size

    40KB

  • Sample

    241030-fp7rzsxbrb

  • MD5

    7dfd0cd482ce6237745b82e5355f5e90

  • SHA1

    9f8d910d931e7cc312e4a3cd5e88911d952b7465

  • SHA256

    1005665b0240831a78aad206707cad93f9ac891530f05abf7895f1400ddcd44a

  • SHA512

    746f05e85dc0ee920a5f61059ab96c3d0e57a0ca8046c356a735c306838b06a6dd56c941cc778310a700c690a5ee80934a9139793a8a08ba20f3061641ba19cb

  • SSDEEP

    384:3ebFNw4Pk1itKkpAjjalrkO4qYvjSrkDCgSxnRogV96WO3ZB:30FmBkpKjqY77DCBJq3

Targets

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware family first seen in 2020.

    • Xorist family

    • Renames multiple (2211) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15