General

  • Target

    VirusShare_1e0812fbdaa20a2b9aaddf531daed935

  • Size

    240KB

  • Sample

    240607-vv9wvsce35

  • MD5

    1e0812fbdaa20a2b9aaddf531daed935

  • SHA1

    dc307a673aa5eecb5c1400f1d342e03697564f98

  • SHA256

    80a6681b00056a487bba1b66c046b798dfe18bf37aa30d8a4a1be968b9add997

  • SHA512

    1fbd817f829be16a1b298242d47b2621affc9ae3c73201fadc4e82314fbceef644710fe6a3c67cbce2cd3447ffe7376ca09f1949583485633a804a0e44b58f95

  • SSDEEP

    6144:6KprPZVxYg036R2eqHzs5oP+8fgsOznWqZajzCrY4Fi/:HXxk3RHzsmP+agVznWqZa/Cr7A

Malware Config

Targets

    • Jigsaw Ransomware

      Ransomware family first created in 2016. Named after the wallpaper set after infection in the early versions.

    • Renames multiple (1923) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Adds Run key to start application