jigsaw | 539dde48932d72bc34c981d6b1d2a84dcca608fe4658e7d3261e886cd5d08380 | Triage

Sharing

General

Target

6973f7a715d74916b5326b970e333623_JaffaCakes118
Size

306KB
Sample

241022-h263bswajk
MD5

6973f7a715d74916b5326b970e333623
SHA1

e06e38e69bf6d45a49aa945412d211ced00ef7e1
SHA256

539dde48932d72bc34c981d6b1d2a84dcca608fe4658e7d3261e886cd5d08380
SHA512

7d24c0a29990fda60fb10be22b53a3b8cb181d55b497040b5a05acc9300010cae84155302afd9994daf4b51cffb41dd668bd9ba0c8557fae781b1c68773b605b
SSDEEP

6144:kkzn1LgfRbgnIJnKP7peOrsN/ha3bI13gKUIO75uiXQXuNS0lM3P2hC:kMWfRk5VfswKk9S

Score

10^/10

jigsaw persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  miningclient/Mining Client.exe
- Size
  
  351KB
- MD5
  
  64e7c95aefe82efb39185321a6cdd5c4
- SHA1
  
  f8431cf0a73e4ede5b4b38185d73d8472cfe2ae7
- SHA256
  
  9580e6c4deba3bd46419a402b6309f77c2ed47ad62299c82ec8578400c2a3a64
- SHA512
  
  4062e13d7b5d0a8cdf15127509265363f234ed242eaaa35251d74d247c662e143f36cda6bd55b4b6e792d30e50a920799a137e375c91e943b812c096a727baf9
- SSDEEP
  
  6144:xS6NzGVdSv7S4rWSJ4/2lIVv0IN1FBB122Ve8cEvpFlNscjMTkx3gDRtPvPOXlMY:xRqu7SuWq4/w80GFBPcAvpXMTkx3gVtI
Score

10^/10

jigsaw persistence ransomware spyware stealer
- Jigsaw Ransomware
  Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
  ransomware jigsaw
- Renames multiple (2021) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jigsawpersistenceransomwarespywarestealer

behavioral2

jigsawpersistenceransomwarespywarestealer