Description
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
SecuriteInfo.com.BehavesLike.Win32.Generic.dc.28918
General
Target
Size
Sample
SecuriteInfo.com.BehavesLike.Win32.Generic.dc.28918
291KB
210306-e542m4kcwn
Score
10 /10
MD5
SHA1
SHA256
SHA512
5a5c745bf3e97fe2be01880132662f28
924af25d379fc88319bc55958db898dbf5054309
0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811
151e4a07e19350d677e049c57c971b64924150eec007e665843cb6142ec73fc06ae4145c64164d3f7f25a376a7536ac6d9b3c85180503549a0c86f09cc0ded10
Malware Config
Targets
Target
MD5
Filesize
SecuriteInfo.com.BehavesLike.Win32.Generic.dc.28918
5a5c745bf3e97fe2be01880132662f28
291KB
Score
10 /10
SHA1
SHA256
SHA512
924af25d379fc88319bc55958db898dbf5054309
0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811
151e4a07e19350d677e049c57c971b64924150eec007e665843cb6142ec73fc06ae4145c64164d3f7f25a376a7536ac6d9b3c85180503549a0c86f09cc0ded10
Tags
Signatures
-
Jigsaw Ransomware
-
Executes dropped EXE
-
Modifies extensions of user files
Description
Ransomware generally changes the extension on encrypted files.
Tags
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Adds Run key to start application
Tags
TTPs
-
Drops desktop.ini file(s)
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks