Resubmissions

03-08-2024 03:16

240803-dse52awejb 10

03-08-2024 03:15

240803-dr286swdrd 10

03-08-2024 03:15

240803-drxcxs1fnj 10

03-08-2024 03:14

240803-drpcba1fmq 10

03-08-2024 03:14

240803-drh6aswdqd 10

03-08-2024 03:12

240803-dqhs5swdmc 3

03-08-2024 03:08

240803-dm7m4awcpe 10

03-08-2024 03:07

240803-dmj7sswcne 10

General

  • Target

    df049efbfa7ac0b76c8daff5d792c550c7a7a24f6e9e887d01a01013c9caa763.zip

  • Size

    229KB

  • Sample

    240803-dm7m4awcpe

  • MD5

    e0532c3452c5de166144de85144ab86e

  • SHA1

    a1ac8137db77d51f426500a89c5009adaf0313bf

  • SHA256

    91312ac2c8fa00d56b7ce9839f8a2934620f69ef6043a0c177c810870d6edd92

  • SHA512

    a5c6236e637d9717438cda12e85302302435ad5df6a2ef7a068f6c62c01b4e89a546023226364970d9e01e79455977cd12662eff4b30b4f001bb3520c2850176

  • SSDEEP

    6144:UyrJsTTaZCw3vCznBbiKzt9LyKtDrobuuZaK+0+:UCJs6ZCd1tz/pu3/+

Malware Config

Targets

    • Target

      df049efbfa7ac0b76c8daff5d792c550c7a7a24f6e9e887d01a01013c9caa763.zip

    • Size

      229KB

    • MD5

      e0532c3452c5de166144de85144ab86e

    • SHA1

      a1ac8137db77d51f426500a89c5009adaf0313bf

    • SHA256

      91312ac2c8fa00d56b7ce9839f8a2934620f69ef6043a0c177c810870d6edd92

    • SHA512

      a5c6236e637d9717438cda12e85302302435ad5df6a2ef7a068f6c62c01b4e89a546023226364970d9e01e79455977cd12662eff4b30b4f001bb3520c2850176

    • SSDEEP

      6144:UyrJsTTaZCw3vCznBbiKzt9LyKtDrobuuZaK+0+:UCJs6ZCd1tz/pu3/+

    Score
    1/10
    • Target

      rBlbqI2.bin

    • Size

      291KB

    • MD5

      2fec9bf50de5395f799b23a1099b10d6

    • SHA1

      6000969e75d7d7a3fa1b908bdb9d5daeb5f2534e

    • SHA256

      df049efbfa7ac0b76c8daff5d792c550c7a7a24f6e9e887d01a01013c9caa763

    • SHA512

      5f6885fb1940ee4f84507e2b7929f637d8f264a5c77329aeae31803b772608ea93370177017f90f6f8d8bc9e0b30eb8607ed120d4ead68104fd70feec71a9ab8

    • SSDEEP

      6144:pdSK04ETTZ+4TBpvjLCnVlBpevKBauJirVuD05VSKJ:poL4EnU4T/vjLeVlayRihuA5D

    • Jigsaw Ransomware

      Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

    • Renames multiple (1530) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks