General

  • Target

    888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118

  • Size

    7KB

  • Sample

    241102-31qdeaylht

  • MD5

    888c9c3d4ac8113c9ebe6ae8563d0e26

  • SHA1

    349dbb63c8b41daf91c7f5f52488ac9aca4de1d4

  • SHA256

    fe7bba242f3e8f051684eec632a0a0bb66ea4bb69432a9998cf413e90942eb42

  • SHA512

    c3a8bc425654d05e96cc24c928584cb81ccbd1e4b16a2c033465c0b914f2eddde96b3fbf1e8b74a7e68aaa2f2b915b5372030d514eef7ec2254f250731260019

  • SSDEEP

    96:lPZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExmPiRxQyWmpp7RJ6rmQN:pzdrr1FG1WDCgmjPZ+cgmZU/pGMUA

Malware Config

Targets

    • Target

      888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118

    • Size

      7KB

    • MD5

      888c9c3d4ac8113c9ebe6ae8563d0e26

    • SHA1

      349dbb63c8b41daf91c7f5f52488ac9aca4de1d4

    • SHA256

      fe7bba242f3e8f051684eec632a0a0bb66ea4bb69432a9998cf413e90942eb42

    • SHA512

      c3a8bc425654d05e96cc24c928584cb81ccbd1e4b16a2c033465c0b914f2eddde96b3fbf1e8b74a7e68aaa2f2b915b5372030d514eef7ec2254f250731260019

    • SSDEEP

      96:lPZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExmPiRxQyWmpp7RJ6rmQN:pzdrr1FG1WDCgmjPZ+cgmZU/pGMUA

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware first seen in 2020.

    • Xorist family

    • Renames multiple (2205) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks