General
-
Target
VirusShare_5a9bd3d7f1534431a396a033d16ca496
-
Size
240KB
-
Sample
240607-xpvabsdb82
-
MD5
5a9bd3d7f1534431a396a033d16ca496
-
SHA1
0c269c5a641fd479269c2f353841a5bf9910888b
-
SHA256
bc83ef30422eb7b0c8903d3b4f1d4258e25cf78e9357a30dac773f8d2c17aa28
-
SHA512
e9c5b2df61e3002a4619073a442cd1041854bafbb99de2ec0e5974ceea36aaacd1aefa43cd9c4b54477af9f3400f1f356d43e506f100f3208ca595ccb5aa3844
-
SSDEEP
6144:aDYZVxYgPZEz36R2eqHzs5oP+8fgsOznWqZajzCrY4F8TV:nXxO3RHzsmP+agVznWqZa/Cr7W
Static task
static1
Behavioral task
behavioral1
Sample
VirusShare_5a9bd3d7f1534431a396a033d16ca496.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
VirusShare_5a9bd3d7f1534431a396a033d16ca496.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
VirusShare_5a9bd3d7f1534431a396a033d16ca496
-
Size
240KB
-
MD5
5a9bd3d7f1534431a396a033d16ca496
-
SHA1
0c269c5a641fd479269c2f353841a5bf9910888b
-
SHA256
bc83ef30422eb7b0c8903d3b4f1d4258e25cf78e9357a30dac773f8d2c17aa28
-
SHA512
e9c5b2df61e3002a4619073a442cd1041854bafbb99de2ec0e5974ceea36aaacd1aefa43cd9c4b54477af9f3400f1f356d43e506f100f3208ca595ccb5aa3844
-
SSDEEP
6144:aDYZVxYgPZEz36R2eqHzs5oP+8fgsOznWqZajzCrY4F8TV:nXxO3RHzsmP+agVznWqZa/Cr7W
Score10/10-
Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
-
Renames multiple (1921) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-