Resubmissions
03-08-2024 03:16
240803-dse52awejb 1003-08-2024 03:15
240803-dr286swdrd 1003-08-2024 03:15
240803-drxcxs1fnj 1003-08-2024 03:14
240803-drpcba1fmq 1003-08-2024 03:14
240803-drh6aswdqd 1003-08-2024 03:12
240803-dqhs5swdmc 303-08-2024 03:08
240803-dm7m4awcpe 1003-08-2024 03:07
240803-dmj7sswcne 10General
-
Target
df049efbfa7ac0b76c8daff5d792c550c7a7a24f6e9e887d01a01013c9caa763.zip
-
Size
229KB
-
Sample
240803-dm7m4awcpe
-
MD5
e0532c3452c5de166144de85144ab86e
-
SHA1
a1ac8137db77d51f426500a89c5009adaf0313bf
-
SHA256
91312ac2c8fa00d56b7ce9839f8a2934620f69ef6043a0c177c810870d6edd92
-
SHA512
a5c6236e637d9717438cda12e85302302435ad5df6a2ef7a068f6c62c01b4e89a546023226364970d9e01e79455977cd12662eff4b30b4f001bb3520c2850176
-
SSDEEP
6144:UyrJsTTaZCw3vCznBbiKzt9LyKtDrobuuZaK+0+:UCJs6ZCd1tz/pu3/+
Static task
static1
Behavioral task
behavioral1
Sample
df049efbfa7ac0b76c8daff5d792c550c7a7a24f6e9e887d01a01013c9caa763.zip
Resource
win11-20240802-en
Behavioral task
behavioral2
Sample
rBlbqI2.exe
Resource
win11-20240802-en
Malware Config
Targets
-
-
Target
df049efbfa7ac0b76c8daff5d792c550c7a7a24f6e9e887d01a01013c9caa763.zip
-
Size
229KB
-
MD5
e0532c3452c5de166144de85144ab86e
-
SHA1
a1ac8137db77d51f426500a89c5009adaf0313bf
-
SHA256
91312ac2c8fa00d56b7ce9839f8a2934620f69ef6043a0c177c810870d6edd92
-
SHA512
a5c6236e637d9717438cda12e85302302435ad5df6a2ef7a068f6c62c01b4e89a546023226364970d9e01e79455977cd12662eff4b30b4f001bb3520c2850176
-
SSDEEP
6144:UyrJsTTaZCw3vCznBbiKzt9LyKtDrobuuZaK+0+:UCJs6ZCd1tz/pu3/+
Score1/10 -
-
-
Target
rBlbqI2.bin
-
Size
291KB
-
MD5
2fec9bf50de5395f799b23a1099b10d6
-
SHA1
6000969e75d7d7a3fa1b908bdb9d5daeb5f2534e
-
SHA256
df049efbfa7ac0b76c8daff5d792c550c7a7a24f6e9e887d01a01013c9caa763
-
SHA512
5f6885fb1940ee4f84507e2b7929f637d8f264a5c77329aeae31803b772608ea93370177017f90f6f8d8bc9e0b30eb8607ed120d4ead68104fd70feec71a9ab8
-
SSDEEP
6144:pdSK04ETTZ+4TBpvjLCnVlBpevKBauJirVuD05VSKJ:poL4EnU4T/vjLeVlayRihuA5D
-
Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
-
Renames multiple (1530) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-