Overview

overview

10

Static

static

10

36a4311ef3...c4.exe

windows7-x64

36a4311ef3...c4.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    36a4311ef332b0b5db62f8fcabf004fdcfbbde62f791839a8be0314604d814c4

  • Size

    4.2MB

  • Sample

    230418-lgkkdaaf39

  • MD5

    32de66a467db22cf0f5b65d1a9f4e19c

  • SHA1

    cdb5c200cba7da3f6e80e868ef7df380ac1259c2

  • SHA256

    36a4311ef332b0b5db62f8fcabf004fdcfbbde62f791839a8be0314604d814c4

  • SHA512

    af200cc334c05e5fe0df1d4c76b5ce469d034c0d62288d207b6bb6562579e07dc4510e4bfc4b726cf1a9f82ae8cb69c4630e981f23d05fb85e3be842a34244f1

  • SSDEEP

    49152:fgZNPqLGVfMmq1d1MRGM8Fvg9fR5HMXF9W9HrAbluBUMNk+cqG2UtBpStPvC/9f+:fgXsMfql+9G9+B+tBpEPvCF

Score
10/10
snatchevasionransomwareupx

Malware Config

Targets

    • Target

      36a4311ef332b0b5db62f8fcabf004fdcfbbde62f791839a8be0314604d814c4

    • Size

      4.2MB

    • MD5

      32de66a467db22cf0f5b65d1a9f4e19c

    • SHA1

      cdb5c200cba7da3f6e80e868ef7df380ac1259c2

    • SHA256

      36a4311ef332b0b5db62f8fcabf004fdcfbbde62f791839a8be0314604d814c4

    • SHA512

      af200cc334c05e5fe0df1d4c76b5ce469d034c0d62288d207b6bb6562579e07dc4510e4bfc4b726cf1a9f82ae8cb69c4630e981f23d05fb85e3be842a34244f1

    • SSDEEP

      49152:fgZNPqLGVfMmq1d1MRGM8Fvg9fR5HMXF9W9HrAbluBUMNk+cqG2UtBpStPvC/9f+:fgXsMfql+9G9+B+tBpEPvCF

    Score
    10/10
    evasionransomwareupxsnatch

    • Detecting the common Go functions and variables names used by Snatch ransomware

    • Snatch Ransomware

      Ransomware family generally distributed through RDP bruteforce attacks.

      ransomwaresnatch

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks