General
-
Target
e57af3c82f33302d9736c178410bce30_JaffaCakes118
-
Size
2.0MB
-
Sample
241212-j6wmtsxrgy
-
MD5
e57af3c82f33302d9736c178410bce30
-
SHA1
edd2f34ec0ea57edde129253790f70f5c0390bb0
-
SHA256
607f1607762645b684f13cffccfbe4bc326f24707953dc0cfb80aff22def8df0
-
SHA512
ef2f763b1349c23597bf16bcb6d03066b1d1f51eb59e61448d4955ac12d0d1e614428d4040285915021ad71aaadc202dcae97308a45cc20d339bcffd5a2d2c40
-
SSDEEP
49152:3pVsby44mK/P4sFPfYQ1dNhq7LZw9PZOAIYZ4:Znmk9FIeDeZw9MAIe
Static task
static1
Behavioral task
behavioral1
Sample
e57af3c82f33302d9736c178410bce30_JaffaCakes118.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
e57af3c82f33302d9736c178410bce30_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
e57af3c82f33302d9736c178410bce30_JaffaCakes118
Score 10/10
Jigsaw Ransomware
Ransomware family first created in 2016. Named after the wallpaper set after infection in its early versions.
-
Jigsaw family
-
Renames multiple (2021) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-