snatch | a165417d30d442cf63e14f467a44e08337f0e2229ba82b54b5aed17a6f4a7788[.]rl[.]zip

General

Target

a165417d30d442cf63e14f467a44e08337f0e2229ba82b54b5aed17a6f4a7788.rl.zip
Size

2.4MB
MD5

f0f96fc0b0ff452b0295f541d0b81576
SHA1

61f6a2bc3fcff5d71f422fd67520529599fa19f2
SHA256

37eca05efdadf2436566193ccc0abd0f07203c0bef8e15551546c9cc754f378c
SHA512

acaf3cf4dfa44e8821443cd31a0313c95c498489f2958cee6d1b33acafbce8b76ee7c48d7cf45484a6f8323a877256c2488ddb8d4a1db37a01b32aa2a9365219
SSDEEP

49152:1xkXoYFxzooIfQjE613cQqMH5u0LaQ1w6gh8eKvADp0vMil5:1xkXoYFxkowAcXM4mZNgh8eKIDp+

Score

10^/10

upx snatch

Detecting the common Go functions and variables names used by Snatch ransomware 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/74cfb2b96582ac00612a640e850fcb70e293a011.rl	family_snatch

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
static1/unpack001/74cfb2b96582ac00612a640e850fcb70e293a011.rl	upx

a165417d30d442cf63e14f467a44e08337f0e2229ba82b54b5aed17a6f4a7788.rl.zip
.zip

Password: infected
74cfb2b96582ac00612a640e850fcb70e293a011.rl
.exe windows x64

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE