Extracted

• • Target

    d85188c58acb395ae88ad2be1f48044090eb03f125c97692c20787b933bbbd1a.bin

  • Size

    2.5MB

  • MD5

    1a2978ce842c0d4c2fc309801cbbcabb

  • SHA1

    45adb2e2ee26e9221b76e71180dc955b7c9eff70

  • SHA256

    d85188c58acb395ae88ad2be1f48044090eb03f125c97692c20787b933bbbd1a

  • SHA512

    5cefd6c89153259835cdd0e4be1c68bf61ccf25c63c8a2bcf78e0bcbde354ca588e39e06699820ca4da488f3e69a14e04f89d25cd1be6c01c80fb210f9da23ac

  Score

  10^/10

  snatchransomwarespywarestealerupx

  • Detecting the common Go functions and variables names used by Snatch ransomware

  • Snatch Ransomware

    Ransomware family generally distributed through RDP bruteforce attacks.

    ransomwaresnatch

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2