Overview

overview

10

Static

static

cats.exe

windows7_x64

10

cats.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cats.7z

  • Size

    162KB

  • Sample

    210421-m6xe69sw4j

  • MD5

    7e6b62ac90eb20249785ecaa51c50675

  • SHA1

    4e4e9db8fa5f567c37ee2fc909cd836397854997

  • SHA256

    1582d05009d6870bad0d27a017e9b67793de7b65cc27ac126ca075c1516708bf

  • SHA512

    fd94eafa26954b3be6bc6fbc5a2f9c9a5ab1c04d67cc88ce8ebfd01cc8b7e8076548e664bf28f3bafa6bbf44dabd164f443626f08984fad42a9f856332af5d6b

Score
10/10
jigsawpersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      cats.exe

    • Size

      187KB

    • MD5

      d3a0e47edcf938a77670e7a287eac0f2

    • SHA1

      38c92837ca17c17ac9728d90a65a53196ed4fdd2

    • SHA256

      ae3f350f758e1d229c6ec9cf7fb8c201a7e756b5866c05ac20df987a384a049a

    • SHA512

      60962d0309d1cf84570000f883ce818f3f07570a5cad144e19ac4e7d3cbdcb5a0a85bc96e559a69041a4c538959284da01e636bd7df04cce25d8e8894e54f08a

    Score
    10/10
    jigsawpersistenceransomwarespywarestealer

    • Jigsaw Ransomware

      Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

      ransomwarejigsaw

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks