General

  • Target

    2024-10-23_dc3ba6285c2a5669fbb95587532eed68_hiddentear

  • Size

    606KB

  • Sample

    241023-mpqa9sxcrl

  • MD5

    dc3ba6285c2a5669fbb95587532eed68

  • SHA1

    53bb4a49e23830ba559db00f7949a4189c7eb596

  • SHA256

    897c8b26c82d78f14a43a0e7b3617993a806f7fa45812427c3b12a141bb7ce96

  • SHA512

    9d1531701810d5c3a8fd57fc054908d85dc8e0edfbd58f6e8806e43a275dc6b8d99118e67f954ce3a88c95f140d345ec5441dc0908a1b4c3fe9c331cfd9a2aed

  • SSDEEP

    12288:g4XLj1zY8ejQ8BLXYTiMXrX0IHPfuTjaDt01zWY+EOiOLAAf:jXFzYVMLz0sDD2+r8A

Targets

    • Target

      2024-10-23_dc3ba6285c2a5669fbb95587532eed68_hiddentear

    • Jigsaw Ransomware

      Ransomware family first created in 2016. Named after the wallpaper that early versions set after infection.

    • Renames multiple (2006) files with added filename extension

      Consistent with ransomware encrypting files across the system: each renamed file keeps its original name with a new extension appended.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive material.

    • Adds Run key to start application
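The three behavioural signatures above (mass renames with an appended extension, the registry lookup of the country code, and the Run key write) can be reproduced over a sandbox event stream. The following is an added example, not the sandbox's own signature engine and not code from this sample's analysis: the event tuples, the rename threshold, the `.locked` placeholder extension and the registry paths it matches are all assumptions made for illustration.

```python
"""Minimal behavioural-signature pass over a constructed sandbox event log.

Added example; not the sandbox's signature engine. Event format, threshold
and registry paths are assumptions for illustration only.
"""
import re
from collections import Counter

# Constructed events (pid, kind, path_or_key, detail); not from the real run.
# The ".locked" extension is a placeholder, not this sample's extension.
EVENTS = [
    (4120, "file_rename", rf"C:\Users\user\Documents\report{i}.docx",
     rf"C:\Users\user\Documents\report{i}.docx.locked") for i in range(12)
] + [
    (4120, "file_rename", r"C:\Users\user\Pictures\cat.jpg",
     r"C:\Users\user\Pictures\cat.jpg.locked"),
    (4120, "file_rename", r"C:\Temp\old.log", r"C:\Temp\old.txt"),  # swapped, not appended
    (4120, "reg_query", r"HKCU\Control Panel\International\Locale", ""),
    (4120, "reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     r"C:\Users\user\AppData\Roaming\svc.exe"),
    (4120, "file_rename", r"C:\Users\user\Desktop\a.txt",
     r"C:\Users\user\Desktop\a.txt.locked"),
    (800, "reg_set", r"HKCU\Software\Vendor\Settings\Theme", "dark"),  # benign write
    (800, "file_rename", r"C:\Users\user\Downloads\x.tmp",
     r"C:\Users\user\Downloads\x.tmp.part"),  # single append, below threshold
]

# Assumed registry locations: HKCU/HKLM Run and RunOnce values, and the
# per-user locale values under Control Panel\International.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
LOCALE_RE = re.compile(
    r"\\Control Panel\\International\\(Locale|LocaleName|sCountry|iCountry)$", re.I)


def appended_extension(src, dst):
    """Return the extension appended to src to form dst, else None.

    A rename that replaces the extension (old.log -> old.txt) does not count;
    only src + ".<ext>" with no extra path component does.
    """
    if dst.startswith(src + ".") and len(dst) > len(src) + 1:
        ext = dst[len(src):]
        return ext if "\\" not in ext else None
    return None


def mass_renames(events, threshold=10):
    """Per pid: the appended extension seen at least `threshold` times."""
    counts = Counter()
    for pid, kind, src, dst in events:
        if kind == "file_rename":
            ext = appended_extension(src, dst)
            if ext:
                counts[(pid, ext.lower())] += 1
    return {pid: (ext, n) for (pid, ext), n in counts.items() if n >= threshold}


def location_checks(events):
    """Pids that read a locale/country value from the registry."""
    return sorted({pid for pid, kind, key, _ in events
                   if kind == "reg_query" and LOCALE_RE.search(key)})


def run_key_writes(events):
    """(pid, key, value) for every write under a Run/RunOnce key."""
    return [(pid, key, val) for pid, kind, key, val in events
            if kind == "reg_set" and RUN_KEY_RE.search(key)]


def signatures(events, threshold=10):
    """Signature lines in the wording used by the report above."""
    hits = []
    for pid, (ext, n) in sorted(mass_renames(events, threshold).items()):
        hits.append(f"pid {pid}: renames multiple ({n}) files with added "
                    f"filename extension {ext}")
    for pid in location_checks(events):
        hits.append(f"pid {pid}: checks computer location settings")
    for pid, key, val in run_key_writes(events):
        hits.append(f"pid {pid}: adds Run key to start application ({key} -> {val})")
    return hits


if __name__ == "__main__":
    for line in signatures(EVENTS):
        print(line)
```

The threshold matters: a single append (the `.part` rename by pid 800) is normal download-manager behaviour, while one process appending the same extension to a dozen user documents is the pattern the "Renames multiple files" signature is built on. Swapped extensions are deliberately excluded so that ordinary saves and conversions do not inflate the count.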
