SecuriteInfo.com.BehavesLike.Win32.Generic.dc.28918

General
Target

SecuriteInfo.com.BehavesLike.Win32.Generic.dc.28918

Size

291KB

Sample

210306-e542m4kcwn

Score
10 /10
MD5

5a5c745bf3e97fe2be01880132662f28

SHA1

924af25d379fc88319bc55958db898dbf5054309

SHA256

0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811

SHA512

151e4a07e19350d677e049c57c971b64924150eec007e665843cb6142ec73fc06ae4145c64164d3f7f25a376a7536ac6d9b3c85180503549a0c86f09cc0ded10

Malware Config
Targets
Target

SecuriteInfo.com.BehavesLike.Win32.Generic.dc.28918

MD5

5a5c745bf3e97fe2be01880132662f28

Filesize

291KB

Score
10 /10
SHA1

924af25d379fc88319bc55958db898dbf5054309

SHA256

0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811

SHA512

151e4a07e19350d677e049c57c971b64924150eec007e665843cb6142ec73fc06ae4145c64164d3f7f25a376a7536ac6d9b3c85180503549a0c86f09cc0ded10

Tags

Signatures

  • Jigsaw Ransomware

    Description

    Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

    Tags

  • Executes dropped EXE

  • Modifies extensions of user files

    Description

    Ransomware generally changes the extension on encrypted files.

    Tags

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry
  • Drops desktop.ini file(s)

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Privilege Escalation
                Tasks

                static1

                behavioral1

                10/10