General
-
Target
5a5606ab7bdfef1fa8dc0dbc8138e1e330f8ae14717f4d196369448c053dde6c.exe
-
Size
2.0MB
-
Sample
241204-d92qcswjeq
-
MD5
787a833034f151bf6f8145f5842a019d
-
SHA1
772e0a6f54d0236eeb27043008776369670291d9
-
SHA256
5a5606ab7bdfef1fa8dc0dbc8138e1e330f8ae14717f4d196369448c053dde6c
-
SHA512
b38a654dee0ec188351f9810604eff2bebd711d42c9b128e09c5faec0738995c085f32b9ef2f27ffb8b9c3bf204cd470605ea547a989518a2d1d6a1e95d76482
-
SSDEEP
49152:3pVsby44mK/P4sFPfYQ1dNhq7LZw9PZOAIYZ4C:Znmk9FIeDeZw9MAIep
Static task
static1
Behavioral task
behavioral1
Sample
5a5606ab7bdfef1fa8dc0dbc8138e1e330f8ae14717f4d196369448c053dde6c.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
5a5606ab7bdfef1fa8dc0dbc8138e1e330f8ae14717f4d196369448c053dde6c.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
5a5606ab7bdfef1fa8dc0dbc8138e1e330f8ae14717f4d196369448c053dde6c.exe
-
Score
10/10
-
Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
-
Jigsaw family
-
Renames multiple (2006) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-