General

  • Target

    VirusShare_afe4c96d18cde761fb1dc23c84b8d0d5

  • Size

    1.5MB

  • Sample

    240607-xs88nadc27

  • MD5

    afe4c96d18cde761fb1dc23c84b8d0d5

  • SHA1

    dac3b558b5a31f23f8c58f8d98b8b0392c122b7f

  • SHA256

    0e10b25b841980640cfcafc6028427adb05e5305f69872fbd4a230b7a20eb77e

  • SHA512

    d71631da66c75d398b43f1a13843a507a2be47ce739852e64180ca15433189fae7af6078ffc33b3cb88f2b95c87304ad4627af5371a3f0fa5a6f8c0c00385852

  • SSDEEP

    24576:Lrl8VlI2UaKd2gwF7+xa//oOvzU2TXYQ1JDhG7Y+Fprbupb5IO2oc3RNqdxoB:3lCgmy4//oOzPLYQ1JDhG7xFYb5Hm2dI

Malware Config

Targets

    • Target

      BitGenerator.exe

    • Size

      2.0MB

    • MD5

      e57af3c82f33302d9736c178410bce30

    • SHA1

      edd2f34ec0ea57edde129253790f70f5c0390bb0

    • SHA256

      607f1607762645b684f13cffccfbe4bc326f24707953dc0cfb80aff22def8df0

    • SHA512

      ef2f763b1349c23597bf16bcb6d03066b1d1f51eb59e61448d4955ac12d0d1e614428d4040285915021ad71aaadc202dcae97308a45cc20d339bcffd5a2d2c40

    • SSDEEP

      49152:3pVsby44mK/P4sFPfYQ1dNhq7LZw9PZOAIYZ4:Znmk9FIeDeZw9MAIe

    • Jigsaw Ransomware

      Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

    • Renames multiple (2010) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks