jigsaw | 91312ac2c8fa00d56b7ce9839f8a2934620f69ef6043a0c177c810870d6edd92 | Triage

Resubmissions

03/08/2024, 03:16 UTC

240803-dse52awejb 10

03/08/2024, 03:15 UTC

240803-dr286swdrd 10

03/08/2024, 03:15 UTC

240803-drxcxs1fnj 10

03/08/2024, 03:14 UTC

240803-drpcba1fmq 10

03/08/2024, 03:14 UTC

240803-drh6aswdqd 10

03/08/2024, 03:12 UTC

240803-dqhs5swdmc 3

03/08/2024, 03:08 UTC

240803-dm7m4awcpe 10

03/08/2024, 03:07 UTC

240803-dmj7sswcne 10

Sharing

General

Target

df049efbfa7ac0b76c8daff5d792c550c7a7a24f6e9e887d01a01013c9caa763.zip
Size

229KB
Sample

240803-drh6aswdqd
MD5

e0532c3452c5de166144de85144ab86e
SHA1

a1ac8137db77d51f426500a89c5009adaf0313bf
SHA256

91312ac2c8fa00d56b7ce9839f8a2934620f69ef6043a0c177c810870d6edd92
SHA512

a5c6236e637d9717438cda12e85302302435ad5df6a2ef7a068f6c62c01b4e89a546023226364970d9e01e79455977cd12662eff4b30b4f001bb3520c2850176
SSDEEP

6144:UyrJsTTaZCw3vCznBbiKzt9LyKtDrobuuZaK+0+:UCJs6ZCd1tz/pu3/+

Score

10^/10

jigsaw discovery persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  rBlbqI2.bin
- Size
  
  291KB
- MD5
  
  2fec9bf50de5395f799b23a1099b10d6
- SHA1
  
  6000969e75d7d7a3fa1b908bdb9d5daeb5f2534e
- SHA256
  
  df049efbfa7ac0b76c8daff5d792c550c7a7a24f6e9e887d01a01013c9caa763
- SHA512
  
  5f6885fb1940ee4f84507e2b7929f637d8f264a5c77329aeae31803b772608ea93370177017f90f6f8d8bc9e0b30eb8607ed120d4ead68104fd70feec71a9ab8
- SSDEEP
  
  6144:pdSK04ETTZ+4TBpvjLCnVlBpevKBauJirVuD05VSKJ:poL4EnU4T/vjLeVlayRihuA5D
Score

10^/10

jigsaw discovery persistence ransomware spyware stealer
- Jigsaw Ransomware
  Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
  ransomware jigsaw
- Renames multiple (1518) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jigsawdiscoverypersistenceransomwarespywarestealer