Overview

overview

10

Static

static

3

d2e8f95304...18.exe

windows7-x64

10

d2e8f95304...18.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118

  • Size

    13KB

  • Sample

    241207-rq4mhazpdl

  • MD5

    d2e8f95304dbb187fc3fade51fd519bc

  • SHA1

    b2a70a141a28e4c1dd24adb72d688fe606f0c5aa

  • SHA256

    f311f5ec360c4a5fd2aeec5ce729ce2d71c28f448adf0795b1f36e6164a91221

  • SHA512

    4d2a0067306e370b1fe0f0566da614cc13645532843dc392e30941ea2ca800fa1735dcf8f492b6ee03e47c5db442a694a9b3e1b4cee372fa67659de5c5aee254

  • SSDEEP

    384:Xprr1gkDCgSqDCt5ksBfyolGU0wyJSMD8oVxbIrdh5sP52G+r:hrVDCACtjfyolIwyJSMD8o/bIrd42Rr

Score
10/10
xoristdiscoverypersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118

    • Size

      13KB

    • MD5

      d2e8f95304dbb187fc3fade51fd519bc

    • SHA1

      b2a70a141a28e4c1dd24adb72d688fe606f0c5aa

    • SHA256

      f311f5ec360c4a5fd2aeec5ce729ce2d71c28f448adf0795b1f36e6164a91221

    • SHA512

      4d2a0067306e370b1fe0f0566da614cc13645532843dc392e30941ea2ca800fa1735dcf8f492b6ee03e47c5db442a694a9b3e1b4cee372fa67659de5c5aee254

    • SSDEEP

      384:Xprr1gkDCgSqDCt5ksBfyolGU0wyJSMD8oVxbIrdh5sP52G+r:hrVDCACtjfyolIwyJSMD8o/bIrd42Rr

    Score
    10/10
    xoristdiscoverypersistenceransomwarespywarestealer

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware first seen in 2020.

      ransomwarexorist

    • Xorist family

      xorist

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks