General

  • Target

    9004e4161cc50ac62f76988aefe4504df4fd636d12708630e825e0c7b74cd12d

  • Size

    2.0MB

  • Sample

    240130-ge7jxahga6

  • MD5

    22f2d4f9682ddadacf4fd6ead172e125

  • SHA1

    e9e6775d034c8c86218b95fe5de1455609aa5dc1

  • SHA256

    9004e4161cc50ac62f76988aefe4504df4fd636d12708630e825e0c7b74cd12d

  • SHA512

    f821d6d89807a698e67eef75943d4e590be924bce3a1fbdaa7507641bce222c014e721f96a8a1083dff3c7d9e4445f62420949f5e0b3b9a97e2721415161ba7b

  • SSDEEP

    49152:Ye0jbW6GNjiSZTKAzkltDhTCcVX8saTtWycoJkqXfd+/9AH9783FGpv8EAQkcZ:YANuSZTKA0t9FFPEVJkqXf0Fi80kEXkc

Malware Config

Targets

    • Target

      9004e4161cc50ac62f76988aefe4504df4fd636d12708630e825e0c7b74cd12d

    • Size

      2.0MB

    • MD5

      22f2d4f9682ddadacf4fd6ead172e125

    • SHA1

      e9e6775d034c8c86218b95fe5de1455609aa5dc1

    • SHA256

      9004e4161cc50ac62f76988aefe4504df4fd636d12708630e825e0c7b74cd12d

    • SHA512

      f821d6d89807a698e67eef75943d4e590be924bce3a1fbdaa7507641bce222c014e721f96a8a1083dff3c7d9e4445f62420949f5e0b3b9a97e2721415161ba7b

    • SSDEEP

      49152:Ye0jbW6GNjiSZTKAzkltDhTCcVX8saTtWycoJkqXfd+/9AH9783FGpv8EAQkcZ:YANuSZTKA0t9FFPEVJkqXf0Fi80kEXkc

    • Jigsaw Ransomware

      Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks