jigsaw.bin

General
Target

jigsaw.bin

Size

283KB

Sample

220416-rlfd4shfb5

Score
10 /10
MD5

2773e3dc59472296cb0024ba7715a64e

SHA1

27d99fbca067f478bb91cdbcb92f13a828b00859

SHA256

3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

SHA512

6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

Malware Config
Targets
Target

jigsaw.bin

MD5

2773e3dc59472296cb0024ba7715a64e

Filesize

283KB

Score
10/10
SHA1

27d99fbca067f478bb91cdbcb92f13a828b00859

SHA256

3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

SHA512

6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

Tags

Signatures

  • Jigsaw Ransomware

    Description

    Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

    Tags

  • Executes dropped EXE

  • Modifies extensions of user files

    Description

    Ransomware generally changes the extension on encrypted files.

    Tags

  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query RegistrySystem Information Discovery
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Privilege Escalation
                Tasks

                static1

                behavioral2

                10/10