Overview

overview

10

Static

static

3

3ae96f73d8...e7.exe

windows7-x64

10

3ae96f73d8...e7.exe

android-11-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    jigsaw.zip

  • Size

    239KB

  • Sample

    230903-16pyqacg78

  • MD5

    4606902aaf1983c356f3726b404a6b00

  • SHA1

    02f49772e519dd4a46ede2d75ddf4cc33dfeaefe

  • SHA256

    fcc9c85254c42d09fd1d24b4153fccd9eba8a9c7dc69939d4407da8990636e06

  • SHA512

    146f24674ece2261732a8b69ab647bcfbe63704174cfbb0cbf6793e6abf3074fc97994042ad8936894bcc82f58765b58a72b886cc9b186751d120f497770704c

  • SSDEEP

    6144:a+4OkTX0BXhw0/JEN5YEyHyU81SIinX6h:aSk/6a/B0yx1SIGXi

Score
10/10
jigsawandroidpersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7.exe

    • Size

      283KB

    • MD5

      2773e3dc59472296cb0024ba7715a64e

    • SHA1

      27d99fbca067f478bb91cdbcb92f13a828b00859

    • SHA256

      3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

    • SHA512

      6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

    • SSDEEP

      6144:7fukPLPvucHiQQQ4uuy9ApZbZWxcZt+kTfMLJTOAZiYSXjjeqXus:7fu5cCT7yYlWi8kTfMLJTOAZiYSXjyqX

    Score
    10/10
    jigsawpersistenceransomwarespywarestealer

    • Jigsaw Ransomware

      Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

      ransomwarejigsaw

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks