General

  • Target

    053cec40ef1b8c148c4c1f798509e8b33e0f86f81555307b65e9fdffd670b9fa

  • Size

    249KB

  • Sample

    240130-geh7baahhm

  • MD5

    33862bca1fe73d44277e9ad4f0aa81e1

  • SHA1

    e900bf9dc2ad2b18e362c8d42ae8e8ce74fb3ff1

  • SHA256

    053cec40ef1b8c148c4c1f798509e8b33e0f86f81555307b65e9fdffd670b9fa

  • SHA512

    08c0ef71dcab39f772abf17b2c714bc89fe2add6fa61f734ea04c05770ad93a68e5fd9caf73d740c3c17dce1ebb0563b0bd82b20fc6a7e508a778bccbbf8384c

  • SSDEEP

    6144:VFVg9EpWQxCKDgqLSV2hIq45K4O4xDL1UnhvHNJ7h0W93MPNdLM7G:/VgGD4KNWViIq4pOOPipHlzsQ7

Malware Config

Targets

    • Target

      053cec40ef1b8c148c4c1f798509e8b33e0f86f81555307b65e9fdffd670b9fa

    • Size

      249KB

    • MD5

      33862bca1fe73d44277e9ad4f0aa81e1

    • SHA1

      e900bf9dc2ad2b18e362c8d42ae8e8ce74fb3ff1

    • SHA256

      053cec40ef1b8c148c4c1f798509e8b33e0f86f81555307b65e9fdffd670b9fa

    • SHA512

      08c0ef71dcab39f772abf17b2c714bc89fe2add6fa61f734ea04c05770ad93a68e5fd9caf73d740c3c17dce1ebb0563b0bd82b20fc6a7e508a778bccbbf8384c

    • SSDEEP

      6144:VFVg9EpWQxCKDgqLSV2hIq45K4O4xDL1UnhvHNJ7h0W93MPNdLM7G:/VgGD4KNWViIq4pOOPipHlzsQ7

    • Jigsaw Ransomware

      Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

    • Renames multiple (2142) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks