General

  • Target

    e57af3c82f33302d9736c178410bce30_JaffaCakes118

  • Size

    2.0MB

  • Sample

    241212-j6wmtsxrgy

  • MD5

    e57af3c82f33302d9736c178410bce30

  • SHA1

    edd2f34ec0ea57edde129253790f70f5c0390bb0

  • SHA256

    607f1607762645b684f13cffccfbe4bc326f24707953dc0cfb80aff22def8df0

  • SHA512

    ef2f763b1349c23597bf16bcb6d03066b1d1f51eb59e61448d4955ac12d0d1e614428d4040285915021ad71aaadc202dcae97308a45cc20d339bcffd5a2d2c40

  • SSDEEP

    49152:3pVsby44mK/P4sFPfYQ1dNhq7LZw9PZOAIYZ4:Znmk9FIeDeZw9MAIe

Malware Config

Targets

    • Target

      e57af3c82f33302d9736c178410bce30_JaffaCakes118

    • Size

      2.0MB

    • MD5

      e57af3c82f33302d9736c178410bce30

    • SHA1

      edd2f34ec0ea57edde129253790f70f5c0390bb0

    • SHA256

      607f1607762645b684f13cffccfbe4bc326f24707953dc0cfb80aff22def8df0

    • SHA512

      ef2f763b1349c23597bf16bcb6d03066b1d1f51eb59e61448d4955ac12d0d1e614428d4040285915021ad71aaadc202dcae97308a45cc20d339bcffd5a2d2c40

    • SSDEEP

      49152:3pVsby44mK/P4sFPfYQ1dNhq7LZw9PZOAIYZ4:Znmk9FIeDeZw9MAIe

    • Jigsaw Ransomware

      Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

    • Jigsaw family

    • Renames multiple (2021) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks