Jigsaw Ransomware - IOC - File Details


1) Ransomware Name - Jigsaw

2) Encrypted Extensions -
.btc
.kkk
.fun
.gws
.porno
.payransom
.payms
.paymst
.AFD
.paybtcs
.epic
.xyz
.encrypted
.hush
.paytounlock
.uk-dealer@sigaint.org
.gefickt
.nemo-hacks.at.sigaint.org

3) Ransom Note File - NA

4) Encrypted Algorithm - AES(256)

5) Decryptor Link - https://www.google.com/url?q=http://www.bleepingcomputer.com/news/security/jigsaw-ransomware-decrypted-will-delete-your-files-until-you-pay-the-ransom/&sa=D&ust=1505062299909000&usg=AFQjCNGWd6-6BBCnBXdWhR-PDvRRvMRe8w


6) Screenshot -


7) Indicators of Compromise - NA


8) File Details -
MD5 10fe7cd6f81357e8349d545c973033dd
SHA1 89f6fdaad78285bd97234fec2f95b9ca06805d20
SHA256 2e76903c877088fb628337a9d520c57131daf2eb13a2114381c78b3f0fdd7d3b
ssdeep768: m5uN0g6 / voLsggvJ3tKFEXTPB7d0kAF10ttSwU9: JNF6 / QLB45wKXbBx0ki2tSwO
authentihash  3f1b149d07e7e8636636b8b7f7043c40ed64a10b28986181fb046c498432c2d4
imphash  f34d5f2d4577ed6d9ceec516c1f5a744
The size of the file is 37.5 KB (38400 bytes)
Win32 EXE file type
DescriptionPE32 executable for MS Windows (GUI) Intel 80386 Mono / .Net assembly

MD5 09e5352837eeaf9318baca7f4b22dde5
SHA1 4eef6f43cc0b249d16673cdb5a3d204dbe97ac52
SHA256 d9507c83cde125a881c896b7988347db42e8864414706d0c5389c64a894e6feb
ssdeep1536: C + eXyv46Q ++ acFswTo5E8i9ZTN3xe6MB5 + VCfAk5SXdsmpE4mwU0: 3qyv47 / sw05F0N3xe52QAkEtsj43
authentihash  7158bf3f3f0d4944afda5ff6c8bb8c9bdb8d205e6de4688bd3c868439b5bc22d
imphash  f34d5f2d4577ed6d9ceec516c1f5a744
The file size is 82.5 KB (84480 bytes)
Win32 EXE file type
DescriptionPE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono / .Net assembly

MD5 6652ffce33c65eb83be94140aad3264f
SHA1 6a0df4ffde84321cca40908c485fff999b6c8625
SHA256 65491998cf8f574a0e176ba761e923674a19a226b2445b363c6781849359a7ff
ssdeep6144: Bnnx37f + gLHdEVyqEmMgyzj2jVvadglTaM5Wa8ik: BnnBEcqEmMgy + jVvcgl2eWt
authentihash  54566d0372b0dc82586dbcb0844ad5db54ddf90ad3150b491380d6d9fc3b537a
imphash  f34d5f2d4577ed6d9ceec516c1f5a744
The size of the file is 194.5 KB (199168 bytes)
Win32 EXE file type
DescriptionPE32 executable for MS Windows (GUI) Intel 80386 Mono / .Net assembly

Comments