Jaff

Description

(Fortinet) Like many ransomware variants, Jaff ransomware commonly arrives as a pdf attachment. Once you open the attachment, it displays a one-line document along with a pop-up message asking whether you want to open an embedded.

After downloading the binary file, Jaff ransomware starts decrypting part of the malware code. It uses a simple code redirection routine as an anti-analysis trick to stretch the time it requires to analyze the actual malicious code. In between code execution, it uses garbage code that is not relevant to the malware execution.

Names

Name
Jaff
Rakhni

Type

Ransomware

Information

https://www.fortinet.com/blog/threat-research/looking-into-jaff-ransomware.html
http://malware-traffic-analysis.net/2017/05/16/index.html
https://www.proofpoint.com/us/threat-insight/post/jaff-new-ransomware-from-actors-behind-distribution-of-dridex-locky-bart
http://blog.talosintelligence.com/2017/05/jaff-ransomware.html

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.jaff

Alienvault Otx

https://otx.alienvault.com/browse/pulses?q=tag:jaff

Playbook

https://www.nomoreransom.org/uploads/RakhniDecryptor_how-to_guide.pdf

Other Information

Uuid

7e7db440-de10-4fa9-89f2-60aba7351ac4

Last Card Change

2021-04-25

Threat Intelligence Garden

Explorer

Jaff

Jaff

Description

Names

Category

Type

Information

Malpedia

Alienvault Otx

Playbook

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks