4ba36ecc13f6b08e1523fa7f8fd228b739d1f6918c5c7f9779c536b91dbb3def

General

Target: 4ba36ecc13f6b08e1523fa7f8fd228b739d1f6918c5c7f9779c536b91dbb3def
Size: 31MB
Sample: 210707-eetm352lh6
Score: 10/10
MD5: 5e522e76e656ec090c8555b61fbcf226
SHA1: 6248d98b60c13b2d89caaa8059d29d4183616047
SHA256: 4ba36ecc13f6b08e1523fa7f8fd228b739d1f6918c5c7f9779c536b91dbb3def
SHA512: b1f4a0f0aea64ab76d0635fac5d159a2dd9df73f0944b0bafb66d6bec16e6887e5c412334ffe7418d2609df07ab5732f8fd4c387181d5c33465f499d86c7a2d4

Signatures

  • Jigsaw Ransomware
    Description: Ransomware family first seen in 2016. Named after the wallpaper that early versions set after infection.

  • Executes dropped EXE

  • Modifies extensions of user files
    Description: Ransomware generally changes the extension of the files it encrypts.

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials.
    TTPs: Data from Local System; Credentials in Files

  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder; Modify Registry

MITRE ATT&CK Matrix

Tactics: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation