General

  • Target

    VirusShare_5a9bd3d7f1534431a396a033d16ca496

  • Size

    240KB

  • Sample

    240607-xpvabsdb82

  • MD5

    5a9bd3d7f1534431a396a033d16ca496

  • SHA1

    0c269c5a641fd479269c2f353841a5bf9910888b

  • SHA256

    bc83ef30422eb7b0c8903d3b4f1d4258e25cf78e9357a30dac773f8d2c17aa28

  • SHA512

    e9c5b2df61e3002a4619073a442cd1041854bafbb99de2ec0e5974ceea36aaacd1aefa43cd9c4b54477af9f3400f1f356d43e506f100f3208ca595ccb5aa3844

  • SSDEEP

    6144:aDYZVxYgPZEz36R2eqHzs5oP+8fgsOznWqZajzCrY4F8TV:nXxO3RHzsmP+agVznWqZa/Cr7W

Malware Config

Targets

    • Target

      VirusShare_5a9bd3d7f1534431a396a033d16ca496

    • Size

      240KB

    • MD5

      5a9bd3d7f1534431a396a033d16ca496

    • SHA1

      0c269c5a641fd479269c2f353841a5bf9910888b

    • SHA256

      bc83ef30422eb7b0c8903d3b4f1d4258e25cf78e9357a30dac773f8d2c17aa28

    • SHA512

      e9c5b2df61e3002a4619073a442cd1041854bafbb99de2ec0e5974ceea36aaacd1aefa43cd9c4b54477af9f3400f1f356d43e506f100f3208ca595ccb5aa3844

    • SSDEEP

      6144:aDYZVxYgPZEz36R2eqHzs5oP+8fgsOznWqZajzCrY4F8TV:nXxO3RHzsmP+agVznWqZa/Cr7W

    • Jigsaw Ransomware

      Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

    • Renames multiple (1921) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks