ca8beff49982a67463ec5adcd4910f3a7ce88b8ce984443153fb304c4fa09f7e | Triage

Sharing

General

Target

a6f84dbde0c2aa0583855e89b65819f7_JaffaCakes118
Size

6.5MB
Sample

240613-2rwy6axerr
MD5

a6f84dbde0c2aa0583855e89b65819f7
SHA1

5bc79484aa88c918fee5093b6cf77a87b51a467b
SHA256

ca8beff49982a67463ec5adcd4910f3a7ce88b8ce984443153fb304c4fa09f7e
SHA512

aa863d14891dd5361268e899c685cf31427a33d5918c4bd9d6a1dacc0f4021b4c8b1c6ad2b6fa75b85620de41a1b5d09fb572b7311c59fb128583fb5e50fe1c6
SSDEEP

98304:LwqCYkL+NeAnJWktbtWl5FTnUkHKaXfNm2kCx4vR5IO5aJkx/KWhF:cq9oP0HpWjFLUkZX1PkhX6kx/KWv

Score

10^/10

evasion ransomware

Malware Config

Targets

- Target
  
  a6f84dbde0c2aa0583855e89b65819f7_JaffaCakes118
- Size
  
  6.5MB
- MD5
  
  a6f84dbde0c2aa0583855e89b65819f7
- SHA1
  
  5bc79484aa88c918fee5093b6cf77a87b51a467b
- SHA256
  
  ca8beff49982a67463ec5adcd4910f3a7ce88b8ce984443153fb304c4fa09f7e
- SHA512
  
  aa863d14891dd5361268e899c685cf31427a33d5918c4bd9d6a1dacc0f4021b4c8b1c6ad2b6fa75b85620de41a1b5d09fb572b7311c59fb128583fb5e50fe1c6
- SSDEEP
  
  98304:LwqCYkL+NeAnJWktbtWl5FTnUkHKaXfNm2kCx4vR5IO5aJkx/KWhF:cq9oP0HpWjFLUkZX1PkhX6kx/KWv
Score

10^/10

evasion ransomware
- Deletes NTFS Change Journal
  The USN change journal is a persistent log of all changes made to local files used by Windows Server systems.
  ransomware
- Clears Windows event logs
  evasion ransomware
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Destruction

Inhibit System Recovery

Tasks

static1

behavioral1

evasionransomware

behavioral2

evasionransomware