General

  • Target

    8259b40a1d153db2118bad30fc331890_JaffaCakes118

  • Size

    1.3MB

  • Sample

    241031-jpg34stgnf

  • MD5

    8259b40a1d153db2118bad30fc331890

  • SHA1

    8f51838c8a465a4ff8e7056bca2ade19e7ebe924

  • SHA256

    5fe34d6176c29dc12f487d525fdaf589ddeea0f13521a0a1ce343dd84da81bb9

  • SHA512

    45a11dcd21278cb499c6230c850a8e2bb1850b4fdeab05daa82a992ff063efe0b49b2273f9f9f5cfe2c37fdd45aa435668fd15e4b08be94dc2691f66bd9919a9

  • SSDEEP

    24576:evxye+c7AXht3A0pt3ctzMA4rbr32bAgAa6Au9/oja2S3Ltx0rBeYVAe+AB:0Ye+cExRA8t7Aibr32bti9/oO2qGrBB/

Malware Config

Targets

    • Target

      8259b40a1d153db2118bad30fc331890_JaffaCakes118

    • Size

      1.3MB

    • MD5

      8259b40a1d153db2118bad30fc331890

    • SHA1

      8f51838c8a465a4ff8e7056bca2ade19e7ebe924

    • SHA256

      5fe34d6176c29dc12f487d525fdaf589ddeea0f13521a0a1ce343dd84da81bb9

    • SHA512

      45a11dcd21278cb499c6230c850a8e2bb1850b4fdeab05daa82a992ff063efe0b49b2273f9f9f5cfe2c37fdd45aa435668fd15e4b08be94dc2691f66bd9919a9

    • SSDEEP

      24576:evxye+c7AXht3A0pt3ctzMA4rbr32bAgAa6Au9/oja2S3Ltx0rBeYVAe+AB:0Ye+cExRA8t7Aibr32bti9/oO2qGrBB/

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware first seen in 2020.

    • Xorist family

    • Renames multiple (2212) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks