Overview

overview

9

Static

static

10

32ff829d4c...8d.exe

windows7_x64

9

32ff829d4c...8d.exe

windows10_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    32ff829d4c104583e3b4cc1c10d0ca79b254cfbc20974faa27fdffc6902b098d

  • Size

    3.9MB

  • Sample

    210409-f23139n292

  • MD5

    9a56ecdcba22c107ecbc6fa0e70e937e

  • SHA1

    f7104ea0606827291ecca11ab3a1ac9e72de5ba2

  • SHA256

    32ff829d4c104583e3b4cc1c10d0ca79b254cfbc20974faa27fdffc6902b098d

  • SHA512

    8a6f7068ed621edd7596300d4db2c606bbe63df0cdfcf0021a27309229c9073d576d43400364bbee61ef60281195c664e9545760f7dc8e0d68b629b28794c8da

Score
10/10
snatchransomwarespywarestealer

Malware Config

Targets

    • Target

      32ff829d4c104583e3b4cc1c10d0ca79b254cfbc20974faa27fdffc6902b098d

    • Size

      3.9MB

    • MD5

      9a56ecdcba22c107ecbc6fa0e70e937e

    • SHA1

      f7104ea0606827291ecca11ab3a1ac9e72de5ba2

    • SHA256

      32ff829d4c104583e3b4cc1c10d0ca79b254cfbc20974faa27fdffc6902b098d

    • SHA512

      8a6f7068ed621edd7596300d4db2c606bbe63df0cdfcf0021a27309229c9073d576d43400364bbee61ef60281195c664e9545760f7dc8e0d68b629b28794c8da

    Score
    9/10
    ransomwarespywarestealer

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

2
T1107

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2
T1490

Tasks