b3af58566437f83301cd884feaaa2c4b6c827498969a2abbe48afc03351facb3

General
Target

b3af58566437f83301cd884feaaa2c4b6c827498969a2abbe48afc03351facb3

Size

41KB

Sample

201105-wwra1hx6zn

Score

10/10
MD5

0efb06144ff6e9eb6bdc03fafa5167a7

SHA1

894bc02320d1308462ce004cf06e1bb1841d22c2

SHA256

b3af58566437f83301cd884feaaa2c4b6c827498969a2abbe48afc03351facb3

SHA512

a4e4f538ad17d32c63f5b6b5be26115931480544ca921bec09bbe0dcb0989455fb29a8ddd97c3e14b4b1250b9aa8b19aa0e0849fcf1dd57f2d3f934f7e973a96

Targets
Target

b3af58566437f83301cd884feaaa2c4b6c827498969a2abbe48afc03351facb3

Signatures

  • Jigsaw Ransomware

    Description

    Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

  • Executes dropped EXE

  • Modifies extensions of user files

    Description

    Ransomware generally changes the extension on encrypted files.

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System, Credentials in Files

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry

MITRE ATT&CK Matrix

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation

Tasks

static1

behavioral2

10/10