Overview

overview

10

Static

static

3

JigsawRansomware.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JigsawRansomware.exe

  • Size

    1.1MB

  • Sample

    240322-cjjleshb2t

  • MD5

    ac80d4e9b77e93b7a0e71065a14194db

  • SHA1

    49d7bd2d9dad11c569275d90a8901fb5a2927085

  • SHA256

    4643ba163a689a919e621229a55fa854e1d1a8c0ba233fe81deee762692ff43a

  • SHA512

    a4a560fa8c9a02e8ac1584c30e3cb7369b153482319b553de64afff43b955d15150f299ca32c97e61562375eb374c11b3f7b2908ae368f041c168eb4bade8730

  • SSDEEP

    24576:ZmTQcPTAcySiDNpfVkqgfPyU8/oa8reuaDQkqjVnlqud+/2P+A:s70nS4pfVkqgy6r3askqXfd+/9A

Score
10/10
jigsawpersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      JigsawRansomware.exe

    • Size

      1.1MB

    • MD5

      ac80d4e9b77e93b7a0e71065a14194db

    • SHA1

      49d7bd2d9dad11c569275d90a8901fb5a2927085

    • SHA256

      4643ba163a689a919e621229a55fa854e1d1a8c0ba233fe81deee762692ff43a

    • SHA512

      a4a560fa8c9a02e8ac1584c30e3cb7369b153482319b553de64afff43b955d15150f299ca32c97e61562375eb374c11b3f7b2908ae368f041c168eb4bade8730

    • SSDEEP

      24576:ZmTQcPTAcySiDNpfVkqgfPyU8/oa8reuaDQkqjVnlqud+/2P+A:s70nS4pfVkqgy6r3askqXfd+/9A

    Score
    10/10
    jigsawpersistenceransomwarespywarestealer

    • Jigsaw Ransomware

      Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

      ransomwarejigsaw

    • Renames multiple (1482) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks