Description
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
jigsaw.bin
General
Target
Size
Sample
jigsaw.bin
283KB
220416-rlfd4shfb5
Score
10 /10
MD5
SHA1
SHA256
SHA512
2773e3dc59472296cb0024ba7715a64e
27d99fbca067f478bb91cdbcb92f13a828b00859
3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7
6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262
Malware Config
Targets
Target
MD5
Filesize
jigsaw.bin
2773e3dc59472296cb0024ba7715a64e
283KB
Score
10/10
SHA1
SHA256
SHA512
27d99fbca067f478bb91cdbcb92f13a828b00859
3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7
6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262
Tags
Signatures
-
Jigsaw Ransomware
-
Executes dropped EXE
-
Modifies extensions of user files
Description
Ransomware generally changes the extension on encrypted files.
Tags
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Adds Run key to start application
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks