Description
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
802fef4d4f81c443497362711a7d8611741c30373c96d3229d699f225552a5f5
General
Target
Size
Sample
802fef4d4f81c443497362711a7d8611741c30373c96d3229d699f225552a5f5
78KB
220520-wvyn9sbff8
Score
10 /10
MD5
SHA1
SHA256
SHA512
c5eff77db7eb62c4066247adfcd64797
acf5f645a1af2987c8a5398c12d03622feba9d35
802fef4d4f81c443497362711a7d8611741c30373c96d3229d699f225552a5f5
1610710c081064743dcfc9b7f5cdf42e63c9f78f3f55983c7f00ae6e60124489a5239cafb89375cc8e3d9d7696eeed7bb23f05dcda52644aafee651f69768dbd
Malware Config
Targets
Target
MD5
Filesize
802fef4d4f81c443497362711a7d8611741c30373c96d3229d699f225552a5f5
c5eff77db7eb62c4066247adfcd64797
78KB
Score
10/10
SHA1
SHA256
SHA512
acf5f645a1af2987c8a5398c12d03622feba9d35
802fef4d4f81c443497362711a7d8611741c30373c96d3229d699f225552a5f5
1610710c081064743dcfc9b7f5cdf42e63c9f78f3f55983c7f00ae6e60124489a5239cafb89375cc8e3d9d7696eeed7bb23f05dcda52644aafee651f69768dbd
Tags
Signatures
-
Jigsaw Ransomware
-
Executes dropped EXE
-
Modifies extensions of user files
Description
Ransomware generally changes the extension on encrypted files.
Tags
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Adds Run key to start application
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks