General

  • Target

    89c9bb3b2f5c86aa3ae11a34cee355a4_JaffaCakes118

  • Size

    175KB

  • Sample

    241103-fwfxvaynbn

  • MD5

    89c9bb3b2f5c86aa3ae11a34cee355a4

  • SHA1

    4ef641aa51ab1fe02bfb7c549c374d47a1f1a839

  • SHA256

    40416427bc32281159f82cb95a0b5a4c4efa6f8f23aa5b5248001413f0c541cf

  • SHA512

    c096150ca59a2cacb5f9717ae62751e90478af1bbd192dbbef14b5356c4e1ed3642041382ca039fc56f4227614f1f9177e2efdcdc1f6f7a4921110ad9eee417a

  • SSDEEP

    3072:TVITmOqyaEgpN3OiPxj3Tr1tPTHhvAAjawYVJXuw824bKIVtDmzoUrAdJZbasj7h:TVI7q/EgpN+cxjPLbZAAebur2qyzoldb

Malware Config

Targets

    • Target

      89c9bb3b2f5c86aa3ae11a34cee355a4_JaffaCakes118

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware family first seen in 2020.

    • Xorist family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks