snatch | fdd2ae3a7ac4e82c84b9cf26c1669122342be929d7158cac317968effeb3676b | Triage

Submit
Reports

Overview

overview

Static

static

2e87dd5a57...91.exe

windows10-2004-x64

out.exe

windows10-2004-x64

3

Resubmissions

19-10-2022 21:03

221019-zv2byagfgk 10

19-10-2022 20:57

221019-zr17rsgee8 10

Sharing

General

Target

123.zip
Size

2.2MB
Sample

221019-zv2byagfgk
MD5

68202621505a0198a68b7afe8200197c
SHA1

22a0314908327691c897ad6cb2fad526e703e2e8
SHA256

fdd2ae3a7ac4e82c84b9cf26c1669122342be929d7158cac317968effeb3676b
SHA512

1ed27d15730b4cde65ebcf4718166bc24c768c809a3119e96620130d2d4bb9bfb8ca062a3a6231890d80f47e073402c72d3ed4fd44b107468626712e05873e1e
SSDEEP

49152:2df//kjv6QtjFC9dlQVzmqRRQc7KQ58q6exfzF1X8CmcBGwf:I3sjrjFc2zfec7h6uzTDmcBrf

Score

10^/10

snatch ransomware spyware stealer upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2e87dd5a57f8e99a4bbe841354a61508a3f203650b123f93f2c54c387edc2e91.exe

Resource

win10v2004-20220901-en

snatch ransomware spyware stealer upx

windows10-2004-x64

11 signatures

300 seconds

Behavioral task

behavioral2

Sample

out.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

1 signatures

300 seconds

Malware Config

Targets

- Target
  
  2e87dd5a57f8e99a4bbe841354a61508a3f203650b123f93f2c54c387edc2e91
- Size
  
  2.3MB
- MD5
  
  bda4570095d3d36645df2753e4207a99
- SHA1
  
  222b33e246b3459ffe9ba18fab26ab4fe8ae23bf
- SHA256
  
  2e87dd5a57f8e99a4bbe841354a61508a3f203650b123f93f2c54c387edc2e91
- SHA512
  
  d0c031f37d3e5c8f6a63311db079519ef7d8af005cccd19f65d10ac19233eb982d287703dce97ae429c977b4c56584ae819f32527ac61b5db700ee7c8cdf9b9b
- SSDEEP
  
  49152:rUUYZLKOuuwlWOZsE/KrPnrjFjUbPY4vAzmhSGaM0RtZxsoVeY:rUU8Lalhm7rPVjUzYYAzmIGaM0bZxsj
Score

10^/10

snatch ransomware spyware stealer upx
- Detecting the common Go functions and variables names used by Snatch ransomware
- Snatch Ransomware
  Ransomware family generally distributed through RDP bruteforce attacks.
  ransomware snatch
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1
- Target
  
  out.upx
- Size
  
  3.9MB
- MD5
  
  6405fbc6615174220050d17693b8d786
- SHA1
  
  3adc35d998e019848282665709c52a4ce0f98613
- SHA256
  
  6a542ca7262c25091c2fba74f025ec1ac4e2c6c8fd8ee3f8e5490ccbb7b681c4
- SHA512
  
  43396cdacdcb51f1b442969e6af20faeff58fa9bbd7f6649fbd69c522683852fd84133173de4ded867c191f2a6135696d4d7744789a3de5534a1a120fe295144
- SSDEEP
  
  49152:u9YCOOaiJRsnr7VdoKP8RpM8ep1B9vCi/n0QtcK602UloCxB6K4AR/UirSPl+X:4YCe0cVa/eJXtcKcCLt46/v2
Score

3^/10
behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snatchransomwarespywarestealerupx

behavioral2

© 2018-2024

Terms | Privacy