General
-
Target
b1e3b5c1bd78584ce102d10ca4c8dfc5_JaffaCakes118
-
Size
469KB
-
Sample
241129-rzd37svnhm
-
MD5
b1e3b5c1bd78584ce102d10ca4c8dfc5
-
SHA1
4f2ef55e73a35a31997b5b52302b8b420a028ae6
-
SHA256
6e5ef96557f4603fecfda52f9963687725f72ab1f805795ebdb091cc67c832a2
-
SHA512
f7aadd115f4ba3b247bd1cfdf1bd619fddf97ac6ed97fbbb78ebfdb23c4becac00fe85f6dc2592ae6e211071856c3147645a5374fcfc738a230224ed64a12dbf
-
SSDEEP
6144:qRUaln76uvhnBWDGXtydJ0/F6tkM9FLPv4cHGQQQeiuq9QrVbxOxcXt5ws/:f0n76uvtBRXUJ0/F+D9Ocmpfq41OYDwu
Malware Config
Targets
-
-
Target
BitcoinBlackmailer.exe.dis
-
Size
283KB
-
MD5
89d6fc6c1a51cef335f7ee2bc2aa60ae
-
SHA1
3f6e3e5126c837f46a18ee988dbf5756c2b856aa
-
SHA256
773295583998b76b4e24b562f85fa685577067614133db4a7df3d2a28cb4cc3a
-
SHA512
ea15149f24cb0e6b5ff5e43b42c0bb71a2d3f47f7068b6b3eba2f64a5a07ceec5f7c0e520d6babc2081f17b777d28847b83f405aa757401aabe5dc3d5ecc31dc
-
SSDEEP
6144:vUgDn7iOV7n1MDGXhAd705ZSlkTfMLJTOAZiYSXjjeqXus:M2n7iOVb1PX+705ZUkTfMLJTOAZiYSXF
Score1/10 -
-
-
Target
Ransom.Jigsaw.B.exe.dis
-
Size
283KB
-
MD5
2773e3dc59472296cb0024ba7715a64e
-
SHA1
27d99fbca067f478bb91cdbcb92f13a828b00859
-
SHA256
3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7
-
SHA512
6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262
-
SSDEEP
6144:7fukPLPvucHiQQQ4uuy9ApZbZWxcZt+kTfMLJTOAZiYSXjjeqXus:7fu5cCT7yYlWi8kTfMLJTOAZiYSXjyqX
Score10/10-
Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
-
Jigsaw family
-
Renames multiple (2028) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-