General

  • Target

    VirusShare_6973f7a715d74916b5326b970e333623

  • Size

    306KB

  • Sample

    240607-xstg7scc4s

  • MD5

    6973f7a715d74916b5326b970e333623

  • SHA1

    e06e38e69bf6d45a49aa945412d211ced00ef7e1

  • SHA256

    539dde48932d72bc34c981d6b1d2a84dcca608fe4658e7d3261e886cd5d08380

  • SHA512

    7d24c0a29990fda60fb10be22b53a3b8cb181d55b497040b5a05acc9300010cae84155302afd9994daf4b51cffb41dd668bd9ba0c8557fae781b1c68773b605b

  • SSDEEP

    6144:kkzn1LgfRbgnIJnKP7peOrsN/ha3bI13gKUIO75uiXQXuNS0lM3P2hC:kMWfRk5VfswKk9S

Malware Config

Targets

    • Target

      miningclient/Mining Client.exe

    • Size

      351KB

    • MD5

      64e7c95aefe82efb39185321a6cdd5c4

    • SHA1

      f8431cf0a73e4ede5b4b38185d73d8472cfe2ae7

    • SHA256

      9580e6c4deba3bd46419a402b6309f77c2ed47ad62299c82ec8578400c2a3a64

    • SHA512

      4062e13d7b5d0a8cdf15127509265363f234ed242eaaa35251d74d247c662e143f36cda6bd55b4b6e792d30e50a920799a137e375c91e943b812c096a727baf9

    • SSDEEP

      6144:xS6NzGVdSv7S4rWSJ4/2lIVv0IN1FBB122Ve8cEvpFlNscjMTkx3gDRtPvPOXlMY:xRqu7SuWq4/w80GFBPcAvpXMTkx3gVtI

    • Jigsaw Ransomware

      Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

    • Renames multiple (1967) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks