General

  • Target

    JigsawRansomware.exe

  • Size

    1.1MB

  • Sample

    240322-cd26kseg85

  • MD5

    6b7f99749cae07e2ad083b6591837c9d

  • SHA1

    d90e2aaf9bdc0b4185b1f68f6a53df5f2380eeee

  • SHA256

    45d9183b36802bfb861d0b7383c60b5cb0298760d013c97aa8838bca8002b1d7

  • SHA512

    6b3bfd17a6413671f9cbadfb1bb9dc999fc90af6b791670baf6c7f68feb417aed27bb358a70e1cd4b730bdd11a6e1e6a70ad87c3f92a8cd7bd89b66e7854da8d

  • SSDEEP

    24576:jmTQcPTAcySiDNpfVkqgfPyU8/oa8reuaDQkqjVnlqud+/2P+A:e70nS4pfVkqgy6r3askqXfd+/9A

Targets

    • Jigsaw Ransomware

      Ransomware family first created in 2016, named after the wallpaper that early versions set after infection.

    • Renames multiple (1488) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application
