Description
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
4962712045bc6709a91f746b14ae6473ca1936b1caaa907f0391035f8c139f71
General
Target
Size
Sample
4962712045bc6709a91f746b14ae6473ca1936b1caaa907f0391035f8c139f71
137KB
220520-17yx1shhhm
Score
10 /10
MD5
SHA1
SHA256
SHA512
6b2843a576c2cc99cdda72304b3b67c9
d1be9c2e7130ddc7649966a1fc691b9e4f90681b
4962712045bc6709a91f746b14ae6473ca1936b1caaa907f0391035f8c139f71
9cfd6248401ab04bc67c6695f9d60d9dc050ef93bb8fda321cc0ed808c86e69fca3a36bac69de4f8e3f185c31c9ba3c744c6a646105e8a8306725194934e0365
Malware Config
Targets
Target
MD5
Filesize
4962712045bc6709a91f746b14ae6473ca1936b1caaa907f0391035f8c139f71
6b2843a576c2cc99cdda72304b3b67c9
137KB
Score
10/10
SHA1
SHA256
SHA512
d1be9c2e7130ddc7649966a1fc691b9e4f90681b
4962712045bc6709a91f746b14ae6473ca1936b1caaa907f0391035f8c139f71
9cfd6248401ab04bc67c6695f9d60d9dc050ef93bb8fda321cc0ed808c86e69fca3a36bac69de4f8e3f185c31c9ba3c744c6a646105e8a8306725194934e0365
Tags
Signatures
-
Jigsaw Ransomware
-
Executes dropped EXE
-
Modifies extensions of user files
Description
Ransomware generally changes the extension on encrypted files.
Tags
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Adds Run key to start application
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks