General
-
Target
f638845f0f1ddcbda1a8c5d23ef5df14_JaffaCakes118
-
Size
7KB
-
Sample
241215-3f6vnatqbq
-
MD5
f638845f0f1ddcbda1a8c5d23ef5df14
-
SHA1
3fec3e05b65a2327555e6d919daea65e87ec1ad9
-
SHA256
5a11da5d577165ec0c7f5de398483dc68e192e09132eacb2146b85276be2dc74
-
SHA512
92aa044e8c8b695d2c05b97f8f73ebbe846f8f4be4c0cdf5b3fa59f39fc5ca0bbddff39fef8a87d1eb14c3e7b0e342f5cad30eb65c91ee100320933685b4df88
-
SSDEEP
192:Zzdrr1FG1WDCgmjPZB0/+QiwqM5wQsahMUA:Zprr1gkDCgS70/a1MVjMB
Malware Config
Targets
-
-
Target
f638845f0f1ddcbda1a8c5d23ef5df14_JaffaCakes118
-
Size
7KB
-
MD5
f638845f0f1ddcbda1a8c5d23ef5df14
-
SHA1
3fec3e05b65a2327555e6d919daea65e87ec1ad9
-
SHA256
5a11da5d577165ec0c7f5de398483dc68e192e09132eacb2146b85276be2dc74
-
SHA512
92aa044e8c8b695d2c05b97f8f73ebbe846f8f4be4c0cdf5b3fa59f39fc5ca0bbddff39fef8a87d1eb14c3e7b0e342f5cad30eb65c91ee100320933685b4df88
-
SSDEEP
192:Zzdrr1FG1WDCgmjPZB0/+QiwqM5wQsahMUA:Zprr1gkDCgS70/a1MVjMB
Score10/10-
Detected Xorist Ransomware
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Xorist family
-
Renames multiple (2874) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-