Resubmissions

30-08-2024 18:45

240830-xehhsaygqa 10

30-08-2024 18:24

240830-w19zgsygrk 10

30-08-2024 18:20

240830-wyy47syfpm 6

General

  • Target

    Ransomware-Samples

  • Size

    318KB

  • Sample

    240830-w19zgsygrk

  • MD5

    4d769fef0ba5e506272a7bb3d8af5bfd

  • SHA1

    a3c8707909f41971591bcee631f9b6c4e8d00409

  • SHA256

    ee6d8f24bcf3b55b57b9ecf1e3345a5d1b5fddcad9f343acf9fa5022d26a9c5f

  • SHA512

    426ff4366a019b0222748a0a41d2d8a851f11b56605dc6e4f6d589e38618bdcda3b1fc86c15435578088c66b9d08bda41158337a3c23a764366a05f7278a3d60

  • SSDEEP

    6144:s/oWF3uokeOvHS1d1+CNs8wbiWQA9AvZJT3CqbMrhryf65NRPaCieMjAkvCJv1V0:qoWF3uokeOvHS1d1+CNs8wbiWQA9AvZz

Malware Config

Targets

    • Target

      Ransomware-Samples

    • Size

      318KB

    • MD5

      4d769fef0ba5e506272a7bb3d8af5bfd

    • SHA1

      a3c8707909f41971591bcee631f9b6c4e8d00409

    • SHA256

      ee6d8f24bcf3b55b57b9ecf1e3345a5d1b5fddcad9f343acf9fa5022d26a9c5f

    • SHA512

      426ff4366a019b0222748a0a41d2d8a851f11b56605dc6e4f6d589e38618bdcda3b1fc86c15435578088c66b9d08bda41158337a3c23a764366a05f7278a3d60

    • SSDEEP

      6144:s/oWF3uokeOvHS1d1+CNs8wbiWQA9AvZJT3CqbMrhryf65NRPaCieMjAkvCJv1V0:qoWF3uokeOvHS1d1+CNs8wbiWQA9AvZz

    • Jigsaw Ransomware

      Ransomware family first seen in 2016, named after the wallpaper it set after infection in its early versions.

    • Renames multiple (2015) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and renaming them as it goes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive material.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks