General
-
Target
b5f6194854416152e53a361df49f56d8_JaffaCakes118
-
Size
7KB
-
Sample
241202-a37fgszqgs
-
MD5
b5f6194854416152e53a361df49f56d8
-
SHA1
f38cf90caf6845d4e7ccc5d1fa2bd3a3279c39e5
-
SHA256
03cc93c01b8f1d37d59b3017d1686b6c0ce7f2fe23a252456d3c62e458fd3f55
-
SHA512
3934dde38fe2d0b60c50118b052513be354589fa00b451b445670cefa4aefd89cb55f3997bcfb557dd604ece37e31857e060b22df5443b7313631e36a2ed0937
-
SSDEEP
96:HT+Zhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExH+MwqLp9l/6hkKw2KN:z+zdrr1FG1WDCgmjPZH+RZh2WI9aMUA
Malware Config
Targets
-
-
Target
b5f6194854416152e53a361df49f56d8_JaffaCakes118
-
Size
7KB
-
MD5
b5f6194854416152e53a361df49f56d8
-
SHA1
f38cf90caf6845d4e7ccc5d1fa2bd3a3279c39e5
-
SHA256
03cc93c01b8f1d37d59b3017d1686b6c0ce7f2fe23a252456d3c62e458fd3f55
-
SHA512
3934dde38fe2d0b60c50118b052513be354589fa00b451b445670cefa4aefd89cb55f3997bcfb557dd604ece37e31857e060b22df5443b7313631e36a2ed0937
-
SSDEEP
96:HT+Zhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExH+MwqLp9l/6hkKw2KN:z+zdrr1FG1WDCgmjPZH+RZh2WI9aMUA
Score10/10-
Detected Xorist Ransomware
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Xorist family
-
Renames multiple (17524) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1