General
-
Target
udasf.exe
-
Size
5.4MB
-
Sample
241029-vjwvvsyker
-
MD5
4171108985acf10ed305458034045917
-
SHA1
696e0d48b0395a328655e4149edea73a0bdd3bbd
-
SHA256
60741f2c4ef30ca4dfda69a549cdd20a2edb402b02c4bbe4a8d65e538e52f6b4
-
SHA512
4348fcb4b2835d16deca4668f933349c41e0f56f3f5297331b1e9891ba5fbb04a3953411b11cdbaa2975671c6d0ef719f011931efdd3e7b232301d501313e4f0
-
SSDEEP
12288:7fu5cCT7yYlWi8kTfMLJTOAZiYSXjyqX:725cKlWi
Malware Config
Targets
-
-
Target
udasf.exe
-
Size
5.4MB
-
MD5
4171108985acf10ed305458034045917
-
SHA1
696e0d48b0395a328655e4149edea73a0bdd3bbd
-
SHA256
60741f2c4ef30ca4dfda69a549cdd20a2edb402b02c4bbe4a8d65e538e52f6b4
-
SHA512
4348fcb4b2835d16deca4668f933349c41e0f56f3f5297331b1e9891ba5fbb04a3953411b11cdbaa2975671c6d0ef719f011931efdd3e7b232301d501313e4f0
-
SSDEEP
12288:7fu5cCT7yYlWi8kTfMLJTOAZiYSXjyqX:725cKlWi
Score10/10-
Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
-
Jigsaw family
-
Renames multiple (3741) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1