General

  • Target

    a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118

  • Size

    75KB

  • Sample

    241127-dky8ya1jar

  • MD5

    a5944e7d7015005ff33bea60d9a1ad2c

  • SHA1

    52c77133168d22291d8914dbd3aeea3597f7eb47

  • SHA256

    c88ff0d644fc030ceb84a8b468bd74191a78ee06fb0344eacb7f353e69e587a7

  • SHA512

    84ab5546bbe1847df979cc7093b0ec36c3b7105e1ef99cfdb6a4ad7c1c31b72480ba9bf6f603094ac192f6e54f1f7d347f869c4d02484bddfa9318f4995c3e65

  • SSDEEP

    768:OrVDCpK4icOBfOImfxfRc9/LO+Ssh88d7Z6S/UUMmz:Or4pfbOB2nfxRkKjshj6d

Malware Config

Targets

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware family first seen in 2020.

    • Xorist family

    • Renames multiple (2201) files with added filename extension

      This suggests ransomware activity, i.e. the encryption of all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks