6510c322c03af6cba3cce6693ec5009f115dbeb8e95fb049cbc6a26ed80ff756 | Triage

Sharing

General

Target

6cc99cf88b569a520363e6ebbdf96cf9_JaffaCakes118
Size

6.5MB
Sample

240524-atwmmaeg2y
MD5

6cc99cf88b569a520363e6ebbdf96cf9
SHA1

2f238f91a250d239f6f6da3f2deec5d5316ffbaa
SHA256

6510c322c03af6cba3cce6693ec5009f115dbeb8e95fb049cbc6a26ed80ff756
SHA512

bbdc9dc2c283e3573046b9e73a694bfe410f9590290932d8610aaf6bff58f19faf65e5149db3a8fbe8163a523fbc225b6cd6afa9b8663d58be60eb6e5422fd5e
SSDEEP

98304:LwqCYkL+NeAnJWktbtWl5FTnUkHKaXfNm2kCx4vR5IO5aJkx/KWhe:cq9oP0HpWjFLUkZX1PkhX6kx/KWU

Score

10^/10

evasion ransomware

Malware Config

Targets

- Target
  
  6cc99cf88b569a520363e6ebbdf96cf9_JaffaCakes118
- Size
  
  6.5MB
- MD5
  
  6cc99cf88b569a520363e6ebbdf96cf9
- SHA1
  
  2f238f91a250d239f6f6da3f2deec5d5316ffbaa
- SHA256
  
  6510c322c03af6cba3cce6693ec5009f115dbeb8e95fb049cbc6a26ed80ff756
- SHA512
  
  bbdc9dc2c283e3573046b9e73a694bfe410f9590290932d8610aaf6bff58f19faf65e5149db3a8fbe8163a523fbc225b6cd6afa9b8663d58be60eb6e5422fd5e
- SSDEEP
  
  98304:LwqCYkL+NeAnJWktbtWl5FTnUkHKaXfNm2kCx4vR5IO5aJkx/KWhe:cq9oP0HpWjFLUkZX1PkhX6kx/KWU
Score

10^/10

evasion ransomware
- Deletes NTFS Change Journal
  The USN change journal is a persistent log of all changes made to local files used by Windows Server systems.
  ransomware
- Clears Windows event logs
  evasion ransomware
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Destruction

Inhibit System Recovery

Tasks

static1

behavioral1

evasionransomware

behavioral2

evasionransomware