jigsaw | 5cc851c0bce31e62a7c293c01117e5d80383b97ce97c040f2c08cfaa29380037 | Triage

Sharing

General

Target

5cc851c0bce31e62a7c293c01117e5d80383b97ce97c040f2c08cfaa29380037
Size

676KB
Sample

201105-d4pfdbrzjs
MD5

c1ed709a4375516d25889357d0660f00
SHA1

3f16cd69f3772b9aa51ff2b528f95227e7caed6f
SHA256

5cc851c0bce31e62a7c293c01117e5d80383b97ce97c040f2c08cfaa29380037
SHA512

215cc02a53e3d0eff52f511c516fd5d87726926984e84cd18a7b35c3783792a0ee050e736f2c72bc28d42f1975bb6314d9f0f9e28766839db257c7c500c81ac0

Score

10^/10

jigsaw persistence ransomware spyware

Malware Config

Targets

- Target
  
  5cc851c0bce31e62a7c293c01117e5d80383b97ce97c040f2c08cfaa29380037
- Size
  
  676KB
- MD5
  
  c1ed709a4375516d25889357d0660f00
- SHA1
  
  3f16cd69f3772b9aa51ff2b528f95227e7caed6f
- SHA256
  
  5cc851c0bce31e62a7c293c01117e5d80383b97ce97c040f2c08cfaa29380037
- SHA512
  
  215cc02a53e3d0eff52f511c516fd5d87726926984e84cd18a7b35c3783792a0ee050e736f2c72bc28d42f1975bb6314d9f0f9e28766839db257c7c500c81ac0
Score

10^/10

jigsaw persistence ransomware spyware
- Jigsaw Ransomware
  Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
  ransomware jigsaw
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jigsawpersistenceransomwarespyware

behavioral2

jigsawpersistenceransomwarespyware