jigsaw | fbf8be8a3fa09d761b4293648317e48426a72f9ffc8782b1643d4cdae16ccf55 | Triage

Sharing

General

Target

Jigsaw-0b.zip
Size

228KB
Sample

250404-bwmm6sxwg1
MD5

0893ab355927c22772f629eed2b8bd4d
SHA1

a286905bbae0527c4c883a476aeeebf4618ca0cf
SHA256

fbf8be8a3fa09d761b4293648317e48426a72f9ffc8782b1643d4cdae16ccf55
SHA512

7493f2fc8794de1300145949812d149b065c08ba207b8334f3fdc4108b0480ec0fea029f39e4d08edf86ec955f22c453bad78363ae26f03b21c05c757e2bb50e
SSDEEP

6144:+Ec8M1DcVFVtkRFzjy4ad+lLAbAoEgZ6OBu:+z8XVp2zO4u2LAbAD3Su

Score

10^/10

jigsaw persistence ransomware

Malware Config

Targets

- Target
  
  Jigsaw.exe
- Size
  
  335KB
- MD5
  
  44a4d5c0cbd33c189f18018326e8801e
- SHA1
  
  533d0a6895ffb5846b6e7bcb738c4056293f91d7
- SHA256
  
  f32a14e2a7a2510862c04fdc2e9ae97bb4f444d33dc5394360ad3402548bf687
- SHA512
  
  9aa19261579caadeb028f75db52a05e3ef66880df44d21e73cf65ac472ed3b276deaef37227c20af50d821414f2a1df88fb78c985adc0739bab7d0ed3a866205
- SSDEEP
  
  3072:NfWmKpcIhNLHiS6ur76srcmGG10loGm44q2UWBWXyPNKTWI87aXKPmsqjCnSNBPK:gR7Osoc1DGm44HcX2oaIrBP33kQCfBp
Score

10^/10

jigsaw persistence ransomware
- Jigsaw Ransomware
  Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
  ransomware jigsaw
- Jigsaw family
  jigsaw
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jigsawpersistenceransomware