cats.7z

General

Target: cats.7z
Size: 162KB
Sample: 210421-m6xe69sw4j
Score: 10/10
MD5: 7e6b62ac90eb20249785ecaa51c50675
SHA1: 4e4e9db8fa5f567c37ee2fc909cd836397854997
SHA256: 1582d05009d6870bad0d27a017e9b67793de7b65cc27ac126ca075c1516708bf
SHA512: fd94eafa26954b3be6bc6fbc5a2f9c9a5ab1c04d67cc88ce8ebfd01cc8b7e8076548e664bf28f3bafa6bbf44dabd164f443626f08984fad42a9f856332af5d6b

Targets

Target: cats.exe
MD5: d3a0e47edcf938a77670e7a287eac0f2
Filesize: 187KB
Score: 10/10
SHA1: 38c92837ca17c17ac9728d90a65a53196ed4fdd2
SHA256: ae3f350f758e1d229c6ec9cf7fb8c201a7e756b5866c05ac20df987a384a049a
SHA512: 60962d0309d1cf84570000f883ce818f3f07570a5cad144e19ac4e7d3cbdcb5a0a85bc96e559a69041a4c538959284da01e636bd7df04cce25d8e8894e54f08a

Signatures

  • Jigsaw Ransomware

    Description: Ransomware family first created in 2016, named after the wallpaper that early versions set after infection.

  • Executes dropped EXE

  • Modifies extensions of user files

    Description: Ransomware generally changes the extension on encrypted files.

  • Reads user/profile data of web browsers

    Description: Infostealers often target stored browser data, which can include saved credentials.

    TTPs: Data from Local System, Credentials in Files

  • Adds Run key to start application

    TTPs: Registry Run Keys / Startup Folder, Modify Registry

  • Drops desktop.ini file(s)

MITRE ATT&CK Matrix

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation