802fef4d4f81c443497362711a7d8611741c30373c96d3229d699f225552a5f5

General
Target

802fef4d4f81c443497362711a7d8611741c30373c96d3229d699f225552a5f5

Size

78KB

Sample

220520-wvyn9sbff8

Score
10 /10
MD5

c5eff77db7eb62c4066247adfcd64797

SHA1

acf5f645a1af2987c8a5398c12d03622feba9d35

SHA256

802fef4d4f81c443497362711a7d8611741c30373c96d3229d699f225552a5f5

SHA512

1610710c081064743dcfc9b7f5cdf42e63c9f78f3f55983c7f00ae6e60124489a5239cafb89375cc8e3d9d7696eeed7bb23f05dcda52644aafee651f69768dbd

Malware Config
Targets
Target

802fef4d4f81c443497362711a7d8611741c30373c96d3229d699f225552a5f5

MD5

c5eff77db7eb62c4066247adfcd64797

Filesize

78KB

Score
10/10
SHA1

acf5f645a1af2987c8a5398c12d03622feba9d35

SHA256

802fef4d4f81c443497362711a7d8611741c30373c96d3229d699f225552a5f5

SHA512

1610710c081064743dcfc9b7f5cdf42e63c9f78f3f55983c7f00ae6e60124489a5239cafb89375cc8e3d9d7696eeed7bb23f05dcda52644aafee651f69768dbd

Tags

Signatures

  • Jigsaw Ransomware

    Description

    Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

    Tags

  • Executes dropped EXE

  • Modifies extensions of user files

    Description

    Ransomware generally changes the extension on encrypted files.

    Tags

  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query RegistrySystem Information Discovery
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Privilege Escalation