General
-
Target
6984a724843fb60130a965a9fc317f2d_JaffaCakes118
-
Size
1.5MB
-
Sample
241022-je5fnawepm
-
MD5
6984a724843fb60130a965a9fc317f2d
-
SHA1
1ad9f8695c10adb69bdebd6bdc39b119707d500e
-
SHA256
917809beb6566079dbb6b686107756d9eb3ff4543f6b41ef327cea7497118457
-
SHA512
54d951c140df296b4fedff9225fee0e0660ee0f92a8790a7321da46334beb966a03a4d44bb0c9baac91cd53f1c81a84e7a35fc74aa67c8697590e87964e8420a
-
SSDEEP
24576:yL6O/FARFbJT83lUK17IXe5E/VjyL048Gjnz/tARwh/jriCHT:uDFsfalN7Ae54yj1jz/tAC
Static task
static1
Behavioral task
behavioral1
Sample
6984a724843fb60130a965a9fc317f2d_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
6984a724843fb60130a965a9fc317f2d_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
6984a724843fb60130a965a9fc317f2d_JaffaCakes118
-
Score
10/10
-
Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
-
Renames multiple (2007) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-