General

  • Target

    8e3cb7a9bdf0add317bf3945bd7a5c01_JaffaCakes118

  • Size

    36KB

  • Sample

    241104-aptbpsydlc

  • MD5

    8e3cb7a9bdf0add317bf3945bd7a5c01

  • SHA1

    d8a96a84f61027d2913801414e8b3e8dde8d08f6

  • SHA256

    d27b11aef2338d211b7ece957cdd00af16c6c6718f19dcae80b872e7adbad561

  • SHA512

    17d056aa575238e4d1d241dbd916c3d31fc62b81d416fee809b6d36d6f4f3e76b2668a32e5621c537e6b1fb76d5f7bdf8ab837310cab9ca6931f9b9f3aef4c20

  • SSDEEP

    768:AQGiHdn+ZnPW6hduWmSdFkHA+9HFiesI4Wn2b7o8Ekj:/VHx+ZnDjuPgER4W2bXEkj

Malware Config

Targets

    • Target

      8e3cb7a9bdf0add317bf3945bd7a5c01_JaffaCakes118

    • Size

      36KB

    • MD5

      8e3cb7a9bdf0add317bf3945bd7a5c01

    • SHA1

      d8a96a84f61027d2913801414e8b3e8dde8d08f6

    • SHA256

      d27b11aef2338d211b7ece957cdd00af16c6c6718f19dcae80b872e7adbad561

    • SHA512

      17d056aa575238e4d1d241dbd916c3d31fc62b81d416fee809b6d36d6f4f3e76b2668a32e5621c537e6b1fb76d5f7bdf8ab837310cab9ca6931f9b9f3aef4c20

    • SSDEEP

      768:AQGiHdn+ZnPW6hduWmSdFkHA+9HFiesI4Wn2b7o8Ekj:/VHx+ZnDjuPgER4W2bXEkj

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware first seen in 2020.

    • Xorist family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks