cats.7z

Target

cats.7z

Size

162KB

Sample

210421-m6xe69sw4j

Score

10 ^/10

MD5

7e6b62ac90eb20249785ecaa51c50675

SHA1

4e4e9db8fa5f567c37ee2fc909cd836397854997

SHA256

1582d05009d6870bad0d27a017e9b67793de7b65cc27ac126ca075c1516708bf

SHA512

fd94eafa26954b3be6bc6fbc5a2f9c9a5ab1c04d67cc88ce8ebfd01cc8b7e8076548e664bf28f3bafa6bbf44dabd164f443626f08984fad42a9f856332af5d6b

jigsaw persistence ransomware spyware stealer

Target

cats.exe

MD5

d3a0e47edcf938a77670e7a287eac0f2

Filesize

187KB

Score

10^/10

SHA1

38c92837ca17c17ac9728d90a65a53196ed4fdd2

SHA256

ae3f350f758e1d229c6ec9cf7fb8c201a7e756b5866c05ac20df987a384a049a

SHA512

60962d0309d1cf84570000f883ce818f3f07570a5cad144e19ac4e7d3cbdcb5a0a85bc96e559a69041a4c538959284da01e636bd7df04cce25d8e8894e54f08a

Tags

jigsaw persistence ransomware spyware stealer

Signatures

Jigsaw Ransomware
Description

Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
Tags

ransomware jigsaw
Executes dropped EXE
Modifies extensions of user files
Description

Ransomware generally changes the extension on encrypted files.
Tags

ransomware
Reads user/profile data of web browsers
Description

Infostealers often target stored browser data, which can include saved credentials etc.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Adds Run key to start application
Tags

persistence

TTPs

Registry Run Keys / Startup FolderModify Registry
Drops desktop.ini file(s)

Related Tasks

behavioral1 behavioral2

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Modify Registry

Discovery

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

static1

behavioral1

jigsaw persistence ransomware spyware stealer

10^/10

behavioral2

jigsaw persistence ransomware spyware stealer

10^/10