jigsaw | ff1190c2f302175cb3f41a5d3f35dd3b3a46dacff431b6c3c9a601358d1c8ce9 | Triage

Sharing

General

Target

0046337f34a88489c08cb37dd90dc2de_JaffaCakes118
Size

1.4MB
Sample

240930-jvg1asydkf
MD5

0046337f34a88489c08cb37dd90dc2de
SHA1

4e5e05eca8bdcbf7a2bfd41ba5a2cfa2d4e0408c
SHA256

ff1190c2f302175cb3f41a5d3f35dd3b3a46dacff431b6c3c9a601358d1c8ce9
SHA512

714d2b23aca8f94f8e76853326bfc9f09acdcd80793f5af2fa8a41aee0d4ed7c23aa6fd388aeb6c64bc81a8760a7c04720c3c23200dea8e394befc28ac75cf6b
SSDEEP

12288:I1hL6GGiwn2UpXpgX+3W/4M5H0IUf9FECN3X4qHWXD09rUw7myAIT2+meAMLNzka:6t7Up4wQaHWX3yAQDAmzxR

Score

10^/10

jigsaw persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  0046337f34a88489c08cb37dd90dc2de_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  0046337f34a88489c08cb37dd90dc2de
- SHA1
  
  4e5e05eca8bdcbf7a2bfd41ba5a2cfa2d4e0408c
- SHA256
  
  ff1190c2f302175cb3f41a5d3f35dd3b3a46dacff431b6c3c9a601358d1c8ce9
- SHA512
  
  714d2b23aca8f94f8e76853326bfc9f09acdcd80793f5af2fa8a41aee0d4ed7c23aa6fd388aeb6c64bc81a8760a7c04720c3c23200dea8e394befc28ac75cf6b
- SSDEEP
  
  12288:I1hL6GGiwn2UpXpgX+3W/4M5H0IUf9FECN3X4qHWXD09rUw7myAIT2+meAMLNzka:6t7Up4wQaHWX3yAQDAmzxR
Score

10^/10

jigsaw persistence ransomware spyware stealer
- Jigsaw Ransomware
  Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
  ransomware jigsaw
- Renames multiple (1997) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jigsawpersistenceransomwarespywarestealer

behavioral2

jigsawpersistenceransomwarespywarestealer