General
-
Target
8e3cb7a9bdf0add317bf3945bd7a5c01_JaffaCakes118
-
Size
36KB
-
Sample
241104-aptbpsydlc
-
MD5
8e3cb7a9bdf0add317bf3945bd7a5c01
-
SHA1
d8a96a84f61027d2913801414e8b3e8dde8d08f6
-
SHA256
d27b11aef2338d211b7ece957cdd00af16c6c6718f19dcae80b872e7adbad561
-
SHA512
17d056aa575238e4d1d241dbd916c3d31fc62b81d416fee809b6d36d6f4f3e76b2668a32e5621c537e6b1fb76d5f7bdf8ab837310cab9ca6931f9b9f3aef4c20
-
SSDEEP
768:AQGiHdn+ZnPW6hduWmSdFkHA+9HFiesI4Wn2b7o8Ekj:/VHx+ZnDjuPgER4W2bXEkj
Static task
static1
Behavioral task
behavioral1
Sample
8e3cb7a9bdf0add317bf3945bd7a5c01_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
8e3cb7a9bdf0add317bf3945bd7a5c01_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
8e3cb7a9bdf0add317bf3945bd7a5c01_JaffaCakes118
-
Score
10/10
-
Detected Xorist Ransomware
-
Xorist family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-