snatch | 335119cef0b806406212347029779044b164106236a415669f6d544ec3417b42 | Triage

Submit
Reports

Overview

overview

Static

static

fisakalzbx64.exe

windows7-x64

9

fisakalzbx64.exe

windows10-2004-x64

4

Sharing

General

Target

fisakalzbx64.exe
Size

4.5MB
Sample

221102-sgj26sccgj
MD5

4a30561d4524503303a22cc33091cb2c
SHA1

c9392e3487d5c75f26eb0c736ba6b88e9a60512c
SHA256

335119cef0b806406212347029779044b164106236a415669f6d544ec3417b42
SHA512

19e6875992a1e890aa60b957dc3e0f9c6f4162b3ac859e13323e20a75fa903858c535d41abd512743264410c5b8c32802db8cc00b1e97027db7319cb440aa9a6
SSDEEP

49152:KLLA3Hrb/TzvO90dL3BmAFd4A64nsfJwwkr6OR1Q7Y2i1CC5E9ngrabyP2NgIo2Q:d3FJbQUHEF2uN86nubOC0DCZFOs

Score

10^/10

snatch ransomware spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

fisakalzbx64.exe

Resource

win7-20220812-en

ransomware spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

fisakalzbx64.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  fisakalzbx64.exe
- Size
  
  4.5MB
- MD5
  
  4a30561d4524503303a22cc33091cb2c
- SHA1
  
  c9392e3487d5c75f26eb0c736ba6b88e9a60512c
- SHA256
  
  335119cef0b806406212347029779044b164106236a415669f6d544ec3417b42
- SHA512
  
  19e6875992a1e890aa60b957dc3e0f9c6f4162b3ac859e13323e20a75fa903858c535d41abd512743264410c5b8c32802db8cc00b1e97027db7319cb440aa9a6
- SSDEEP
  
  49152:KLLA3Hrb/TzvO90dL3BmAFd4A64nsfJwwkr6OR1Q7Y2i1CC5E9ngrabyP2NgIo2Q:d3FJbQUHEF2uN86nubOC0DCZFOs
Score

9^/10

ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2

© 2018-2024

Terms | Privacy