jigsaw | 1582d05009d6870bad0d27a017e9b67793de7b65cc27ac126ca075c1516708bf | Triage

Submit
Reports

Overview

overview

Static

static

cats.exe

windows7_x64

cats.exe

windows10_x64

Sharing

General

Target

cats.7z
Size

162KB
Sample

210421-m6xe69sw4j
MD5

7e6b62ac90eb20249785ecaa51c50675
SHA1

4e4e9db8fa5f567c37ee2fc909cd836397854997
SHA256

1582d05009d6870bad0d27a017e9b67793de7b65cc27ac126ca075c1516708bf
SHA512

fd94eafa26954b3be6bc6fbc5a2f9c9a5ab1c04d67cc88ce8ebfd01cc8b7e8076548e664bf28f3bafa6bbf44dabd164f443626f08984fad42a9f856332af5d6b

Score

10^/10

jigsaw persistence ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

cats.exe

Resource

win7v20210408

jigsaw persistence ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cats.exe

Resource

win10v20210410

jigsaw persistence ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  cats.exe
- Size
  
  187KB
- MD5
  
  d3a0e47edcf938a77670e7a287eac0f2
- SHA1
  
  38c92837ca17c17ac9728d90a65a53196ed4fdd2
- SHA256
  
  ae3f350f758e1d229c6ec9cf7fb8c201a7e756b5866c05ac20df987a384a049a
- SHA512
  
  60962d0309d1cf84570000f883ce818f3f07570a5cad144e19ac4e7d3cbdcb5a0a85bc96e559a69041a4c538959284da01e636bd7df04cce25d8e8894e54f08a
Score

10^/10

jigsaw persistence ransomware spyware stealer
- Jigsaw Ransomware
  Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
  ransomware jigsaw
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

jigsawpersistenceransomwarespywarestealer

behavioral2

jigsawpersistenceransomwarespywarestealer

© 2018-2024

Terms | Privacy