General

  • Target

    afe4c96d18cde761fb1dc23c84b8d0d5_JaffaCakes118

  • Size

    1.5MB

  • Sample

    241129-jva7ratqfx

  • MD5

    afe4c96d18cde761fb1dc23c84b8d0d5

  • SHA1

    dac3b558b5a31f23f8c58f8d98b8b0392c122b7f

  • SHA256

    0e10b25b841980640cfcafc6028427adb05e5305f69872fbd4a230b7a20eb77e

  • SHA512

    d71631da66c75d398b43f1a13843a507a2be47ce739852e64180ca15433189fae7af6078ffc33b3cb88f2b95c87304ad4627af5371a3f0fa5a6f8c0c00385852

  • SSDEEP

    24576:Lrl8VlI2UaKd2gwF7+xa//oOvzU2TXYQ1JDhG7Y+Fprbupb5IO2oc3RNqdxoB:3lCgmy4//oOzPLYQ1JDhG7xFYb5Hm2dI

Malware Config

Targets

    • Target

      BitGenerator.exe

    • Size

      2.0MB

    • MD5

      e57af3c82f33302d9736c178410bce30

    • SHA1

      edd2f34ec0ea57edde129253790f70f5c0390bb0

    • SHA256

      607f1607762645b684f13cffccfbe4bc326f24707953dc0cfb80aff22def8df0

    • SHA512

      ef2f763b1349c23597bf16bcb6d03066b1d1f51eb59e61448d4955ac12d0d1e614428d4040285915021ad71aaadc202dcae97308a45cc20d339bcffd5a2d2c40

    • SSDEEP

      49152:3pVsby44mK/P4sFPfYQ1dNhq7LZw9PZOAIYZ4:Znmk9FIeDeZw9MAIe

    • Jigsaw Ransomware

      Ransomware family first seen in 2016, named after the wallpaper that early versions set after infection.

    • Jigsaw family

    • Renames multiple (1986) files with added filename extension

      This suggests ransomware activity: encrypting files across the system and appending an extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks