jigsaw | e398c99bd0f61a4590594dc912e4d4ad23c306df6bd00274e2756d1a28f3ef80 | Triage

Sharing

General

Target

37fa8fa315d60727ebce5fafa56690b8_JaffaCakes118
Size

240KB
Sample

240512-dtyc1aha93
MD5

37fa8fa315d60727ebce5fafa56690b8
SHA1

599c28e16fda50ab1377e900678084ae28557090
SHA256

e398c99bd0f61a4590594dc912e4d4ad23c306df6bd00274e2756d1a28f3ef80
SHA512

cc900fb64eececdd030be5d6b79ef4213f128cae0f4314e77ced24df573d54a68350c2bcd3c5f448e4c640d336ef4888bc2b9a5a6fca1ba39668df4b43c50b09
SSDEEP

6144:6KprPZVxYg036R2eqHzs5oP+8fgsOznWqZajzCrY4Fi/f:HXxk3RHzsmP+agVznWqZa/Cr7AX

Score

10^/10

jigsaw persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  37fa8fa315d60727ebce5fafa56690b8_JaffaCakes118
- Size
  
  240KB
- MD5
  
  37fa8fa315d60727ebce5fafa56690b8
- SHA1
  
  599c28e16fda50ab1377e900678084ae28557090
- SHA256
  
  e398c99bd0f61a4590594dc912e4d4ad23c306df6bd00274e2756d1a28f3ef80
- SHA512
  
  cc900fb64eececdd030be5d6b79ef4213f128cae0f4314e77ced24df573d54a68350c2bcd3c5f448e4c640d336ef4888bc2b9a5a6fca1ba39668df4b43c50b09
- SSDEEP
  
  6144:6KprPZVxYg036R2eqHzs5oP+8fgsOznWqZajzCrY4Fi/f:HXxk3RHzsmP+agVznWqZa/Cr7AX
Score

10^/10

jigsaw persistence ransomware spyware stealer
- Jigsaw Ransomware
  Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
  ransomware jigsaw
- Renames multiple (1982) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jigsawpersistenceransomwarespywarestealer

behavioral2

jigsawpersistenceransomwarespywarestealer