Resubmissions

08-10-2023 10:02

231008-l2z6kabb3z 10

08-10-2023 09:59

231008-l1b3cabb3s 10

27-09-2023 16:49

230927-vb39zadg59 10

General

  • Target

    Jigsaw2-b.exe

  • Size

    249KB

  • Sample

    231008-l1b3cabb3s

  • MD5

    33862bca1fe73d44277e9ad4f0aa81e1

  • SHA1

    e900bf9dc2ad2b18e362c8d42ae8e8ce74fb3ff1

  • SHA256

    053cec40ef1b8c148c4c1f798509e8b33e0f86f81555307b65e9fdffd670b9fa

  • SHA512

    08c0ef71dcab39f772abf17b2c714bc89fe2add6fa61f734ea04c05770ad93a68e5fd9caf73d740c3c17dce1ebb0563b0bd82b20fc6a7e508a778bccbbf8384c

  • SSDEEP

    6144:VFVg9EpWQxCKDgqLSV2hIq45K4O4xDL1UnhvHNJ7h0W93MPNdLM7G:/VgGD4KNWViIq4pOOPipHlzsQ7

Malware Config

Targets

    • Target

      Jigsaw2-b.exe

    • Size

      249KB

    • MD5

      33862bca1fe73d44277e9ad4f0aa81e1

    • SHA1

      e900bf9dc2ad2b18e362c8d42ae8e8ce74fb3ff1

    • SHA256

      053cec40ef1b8c148c4c1f798509e8b33e0f86f81555307b65e9fdffd670b9fa

    • SHA512

      08c0ef71dcab39f772abf17b2c714bc89fe2add6fa61f734ea04c05770ad93a68e5fd9caf73d740c3c17dce1ebb0563b0bd82b20fc6a7e508a778bccbbf8384c

    • SSDEEP

      6144:VFVg9EpWQxCKDgqLSV2hIq45K4O4xDL1UnhvHNJ7h0W93MPNdLM7G:/VgGD4KNWViIq4pOOPipHlzsQ7

    • Jigsaw Ransomware

      Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.