Extracted

• • Target

    JaffaCakes118_a0b0432294ebbc84d306993e2e7ea91c

  • Size

    2.1MB

  • MD5

    a0b0432294ebbc84d306993e2e7ea91c

  • SHA1

    217f15f8048cb52b529bcad20c687422c9a29add

  • SHA256

    1eb180ad160549d0754076d4230617fdcb22666e1708a0b8d37c8886a9f554f3

  • SHA512

    1dc1884893156b400f5c9aa0c7a922ca6a06758771f70a560c82f2b3078ae2fde9b21b797236e4d7dcd3db866d3afee18b6acee3124224c5b0aca8376afced61

  • SSDEEP

    49152:0Whc2Iyefi4Cvv5mGb9dPaBq9MuAp3JwMLerDclJyA:9Qq6gz95Ap3JBeAJyA

  Score

  10^/10

  hivedefense_evasiondiscoveryevasionexecutionimpactransomwarespywarestealertrojan

  • Deletes Windows Defender Definitions

    Uses mpcmdrun utility to delete all AV definitions.

    evasion

  • Disables service(s)

    evasionexecution

  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive

  • Hive family

    hive

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Modifies security service

    evasion

  • Clears Windows event logs

    evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Modifies Security services

    Modifies the startup behavior of a security service.

    defense_evasion
  behavioral1behavioral2