General
-
Target
c019ba63879bb6c6574077082407d661_JaffaCakes118
-
Size
283KB
-
Sample
241204-bh7q7ayrbj
-
MD5
c019ba63879bb6c6574077082407d661
-
SHA1
bd21d50a695e6041c6a536c00b13df151d50e389
-
SHA256
b40d4f27ebfa9e4e64187b74b932416e53431fa2f78fa95fbdc4fc5f9405f65c
-
SHA512
20601773b2f165e7e2340a0e79112b347d5b1625b498ce75eaf78c1f0d75039c747655a3e48e2da593c00480b0d7653a961466d6260258dd102d7933791ef2c6
-
SSDEEP
6144:7fukPLPvucHiQQQ4uuy9ApZbZWxcZt+kTfMLJTOAZiYSXjjeqXus:7fu5cCT7yYlWi8kTfMLJTOAZiYSXjyqX
Malware Config
Targets
-
-
Target
c019ba63879bb6c6574077082407d661_JaffaCakes118
-
Size
283KB
-
MD5
c019ba63879bb6c6574077082407d661
-
SHA1
bd21d50a695e6041c6a536c00b13df151d50e389
-
SHA256
b40d4f27ebfa9e4e64187b74b932416e53431fa2f78fa95fbdc4fc5f9405f65c
-
SHA512
20601773b2f165e7e2340a0e79112b347d5b1625b498ce75eaf78c1f0d75039c747655a3e48e2da593c00480b0d7653a961466d6260258dd102d7933791ef2c6
-
SSDEEP
6144:7fukPLPvucHiQQQ4uuy9ApZbZWxcZt+kTfMLJTOAZiYSXjjeqXus:7fu5cCT7yYlWi8kTfMLJTOAZiYSXjyqX
Score10/10-
Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
-
Jigsaw family
-
Renames multiple (2015) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-