Jaff Ransomware - A quick technical analysis

cybercdh
A very quick technical view of Jaff Ransomware, delivered as a malicious PDF which drops a .docm file to the user's machine and then downloads the ransomware. Here, I show you how to get indicators from a behavioural standpoint and also how to rip apart the code to get all other network indicators from the sample.

Hash covered here is MD5: 2b2c0737949a56528b0834f642ff2635
Link to the bluecoat.py code here: github.com/m0atz/bluecoat
Key IOCs from this sample can be found here: pastebin.com/5LEivkSp
Follow me on Twitter: twitter.com/cybercdh and feel free to drop me your questions below.
Published 7 years ago, on 1396/02/26.
Viewed 15,974 times.