General
-
Target
89c9bb3b2f5c86aa3ae11a34cee355a4_JaffaCakes118
-
Size
175KB
-
Sample
241103-fwfxvaynbn
-
MD5
89c9bb3b2f5c86aa3ae11a34cee355a4
-
SHA1
4ef641aa51ab1fe02bfb7c549c374d47a1f1a839
-
SHA256
40416427bc32281159f82cb95a0b5a4c4efa6f8f23aa5b5248001413f0c541cf
-
SHA512
c096150ca59a2cacb5f9717ae62751e90478af1bbd192dbbef14b5356c4e1ed3642041382ca039fc56f4227614f1f9177e2efdcdc1f6f7a4921110ad9eee417a
-
SSDEEP
3072:TVITmOqyaEgpN3OiPxj3Tr1tPTHhvAAjawYVJXuw824bKIVtDmzoUrAdJZbasj7h:TVI7q/EgpN+cxjPLbZAAebur2qyzoldb
Static task
static1
Behavioral task
behavioral1
Sample
89c9bb3b2f5c86aa3ae11a34cee355a4_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
89c9bb3b2f5c86aa3ae11a34cee355a4_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
89c9bb3b2f5c86aa3ae11a34cee355a4_JaffaCakes118
-
Size
175KB
-
MD5
89c9bb3b2f5c86aa3ae11a34cee355a4
-
SHA1
4ef641aa51ab1fe02bfb7c549c374d47a1f1a839
-
SHA256
40416427bc32281159f82cb95a0b5a4c4efa6f8f23aa5b5248001413f0c541cf
-
SHA512
c096150ca59a2cacb5f9717ae62751e90478af1bbd192dbbef14b5356c4e1ed3642041382ca039fc56f4227614f1f9177e2efdcdc1f6f7a4921110ad9eee417a
-
SSDEEP
3072:TVITmOqyaEgpN3OiPxj3Tr1tPTHhvAAjawYVJXuw824bKIVtDmzoUrAdJZbasj7h:TVI7q/EgpN+cxjPLbZAAebur2qyzoldb
-
Detected Xorist Ransomware
-
Xorist family
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-