General
-
Target
9004e4161cc50ac62f76988aefe4504df4fd636d12708630e825e0c7b74cd12d
-
Size
2.0MB
-
Sample
240130-ge7jxahga6
-
MD5
22f2d4f9682ddadacf4fd6ead172e125
-
SHA1
e9e6775d034c8c86218b95fe5de1455609aa5dc1
-
SHA256
9004e4161cc50ac62f76988aefe4504df4fd636d12708630e825e0c7b74cd12d
-
SHA512
f821d6d89807a698e67eef75943d4e590be924bce3a1fbdaa7507641bce222c014e721f96a8a1083dff3c7d9e4445f62420949f5e0b3b9a97e2721415161ba7b
-
SSDEEP
49152:Ye0jbW6GNjiSZTKAzkltDhTCcVX8saTtWycoJkqXfd+/9AH9783FGpv8EAQkcZ:YANuSZTKA0t9FFPEVJkqXf0Fi80kEXkc
Static task
static1
Behavioral task
behavioral1
Sample
9004e4161cc50ac62f76988aefe4504df4fd636d12708630e825e0c7b74cd12d.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
9004e4161cc50ac62f76988aefe4504df4fd636d12708630e825e0c7b74cd12d.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
9004e4161cc50ac62f76988aefe4504df4fd636d12708630e825e0c7b74cd12d
-
Size
2.0MB
-
MD5
22f2d4f9682ddadacf4fd6ead172e125
-
SHA1
e9e6775d034c8c86218b95fe5de1455609aa5dc1
-
SHA256
9004e4161cc50ac62f76988aefe4504df4fd636d12708630e825e0c7b74cd12d
-
SHA512
f821d6d89807a698e67eef75943d4e590be924bce3a1fbdaa7507641bce222c014e721f96a8a1083dff3c7d9e4445f62420949f5e0b3b9a97e2721415161ba7b
-
SSDEEP
49152:Ye0jbW6GNjiSZTKAzkltDhTCcVX8saTtWycoJkqXfd+/9AH9783FGpv8EAQkcZ:YANuSZTKA0t9FFPEVJkqXf0Fi80kEXkc
Score10/10-
Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-