jigsaw | 6f94e5747ba1aaa2bb666704ee65b37aac8aff47dbc321be2b607d47dd695e8f | Triage

Resubmissions

09-10-2023 22:49

231009-2ry4hsba26 10

06-03-2021 22:23

210306-pfhc83235s 10

05-06-2020 02:52

200605-jqylqtyzss 10

Sharing

General

Target

drpbx.exe
Size

125KB
Sample

200605-jqylqtyzss
MD5

7fab69dcc9fbee7ca91bef27dc551f63
SHA1

fe272f074373e80e2a00144e0fcc4de6e68cf0e3
SHA256

6f94e5747ba1aaa2bb666704ee65b37aac8aff47dbc321be2b607d47dd695e8f
SHA512

ac87841efd28941ee4b13142602b6f91a43b29136236d78ccde1ba838d453c9d9de5ab94ced8eaddb426f1b569ee8a3f593fdae04f02984b7fc337bccd0b3ae8

Score

10^/10

jigsaw persistence ransomware spyware

Malware Config

Targets

- Target
  
  drpbx.exe
- Size
  
  125KB
- MD5
  
  7fab69dcc9fbee7ca91bef27dc551f63
- SHA1
  
  fe272f074373e80e2a00144e0fcc4de6e68cf0e3
- SHA256
  
  6f94e5747ba1aaa2bb666704ee65b37aac8aff47dbc321be2b607d47dd695e8f
- SHA512
  
  ac87841efd28941ee4b13142602b6f91a43b29136236d78ccde1ba838d453c9d9de5ab94ced8eaddb426f1b569ee8a3f593fdae04f02984b7fc337bccd0b3ae8
Score

10^/10

persistence ransomware jigsaw spyware
- Jigsaw
  Ransomware family first created in 2016. Named based on wallpaper set after infection.
  ransomware jigsaw
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceransomwarejigsawspyware

behavioral2

persistenceransomwarejigsaw