Overview

overview

10

Static

static

10

2e87dd5a57...91.exe

windows7-x64

10

2e87dd5a57...91.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2e87dd5a57f8e99a4bbe841354a61508a3f203650b123f93f2c54c387edc2e91

  • Size

    2.3MB

  • Sample

    221019-vd5ktageb7

  • MD5

    bda4570095d3d36645df2753e4207a99

  • SHA1

    222b33e246b3459ffe9ba18fab26ab4fe8ae23bf

  • SHA256

    2e87dd5a57f8e99a4bbe841354a61508a3f203650b123f93f2c54c387edc2e91

  • SHA512

    d0c031f37d3e5c8f6a63311db079519ef7d8af005cccd19f65d10ac19233eb982d287703dce97ae429c977b4c56584ae819f32527ac61b5db700ee7c8cdf9b9b

  • SSDEEP

    49152:rUUYZLKOuuwlWOZsE/KrPnrjFjUbPY4vAzmhSGaM0RtZxsoVeY:rUU8Lalhm7rPVjUzYYAzmIGaM0bZxsj

Score
10/10
snatchransomwarespywarestealerupx

Malware Config

Targets

    • Target

      2e87dd5a57f8e99a4bbe841354a61508a3f203650b123f93f2c54c387edc2e91

    • Size

      2.3MB

    • MD5

      bda4570095d3d36645df2753e4207a99

    • SHA1

      222b33e246b3459ffe9ba18fab26ab4fe8ae23bf

    • SHA256

      2e87dd5a57f8e99a4bbe841354a61508a3f203650b123f93f2c54c387edc2e91

    • SHA512

      d0c031f37d3e5c8f6a63311db079519ef7d8af005cccd19f65d10ac19233eb982d287703dce97ae429c977b4c56584ae819f32527ac61b5db700ee7c8cdf9b9b

    • SSDEEP

      49152:rUUYZLKOuuwlWOZsE/KrPnrjFjUbPY4vAzmhSGaM0RtZxsoVeY:rUU8Lalhm7rPVjUzYYAzmIGaM0bZxsj

    Score
    10/10
    snatchransomwarespywarestealerupx

    • Detecting the common Go functions and variables names used by Snatch ransomware

    • Snatch Ransomware

      Ransomware family generally distributed through RDP bruteforce attacks.

      ransomwaresnatch

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks