14ee5fe40e76955ea27cc715dd5849f10ce7dc992c234db67467bbb1757aa8f9

General

Target: 14ee5fe40e76955ea27cc715dd5849f10ce7dc992c234db67467bbb1757aa8f9
Size: 136KB
Sample: 220306-dbkzyshha4
Score: 10/10
MD5: 17f29268c9f1c5d5bca8b2b66cd1044c
SHA1: 16273c67d772dccd1bc9d375b1c9ffa25e83129c
SHA256: 14ee5fe40e76955ea27cc715dd5849f10ce7dc992c234db67467bbb1757aa8f9
SHA512: bd4d3f760de8225626f748f0168188d40c283b1a5525234cb8ff63621ff5f5952c6d6bf6de464485784641ff7aa08d89979ad000d26feb34f44fc231287ab1db

Signatures

  • Jigsaw Ransomware

    Description

    Ransomware family first created in 2016. Named for the wallpaper that early versions set after infection.

  • Executes dropped EXE

  • Modifies extensions of user files

    Description

    Ransomware generally changes the extension on encrypted files.

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System, Credentials in Files

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry

MITRE ATT&CK Matrix

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation