snatch | 36a4311ef332b0b5db62f8fcabf004fdcfbbde62f791839a8be0314604d814c4 | Triage

Submit
Reports

Overview

overview

Static

static

36a4311ef3...c4.exe

windows7-x64

36a4311ef3...c4.exe

windows10-2004-x64

Sharing

General

Target

36a4311ef332b0b5db62f8fcabf004fdcfbbde62f791839a8be0314604d814c4
Size

4.2MB
Sample

230418-lgkkdaaf39
MD5

32de66a467db22cf0f5b65d1a9f4e19c
SHA1

cdb5c200cba7da3f6e80e868ef7df380ac1259c2
SHA256

36a4311ef332b0b5db62f8fcabf004fdcfbbde62f791839a8be0314604d814c4
SHA512

af200cc334c05e5fe0df1d4c76b5ce469d034c0d62288d207b6bb6562579e07dc4510e4bfc4b726cf1a9f82ae8cb69c4630e981f23d05fb85e3be842a34244f1
SSDEEP

49152:fgZNPqLGVfMmq1d1MRGM8Fvg9fR5HMXF9W9HrAbluBUMNk+cqG2UtBpStPvC/9f+:fgXsMfql+9G9+B+tBpEPvCF

Score

10^/10

snatch evasion ransomware upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

36a4311ef332b0b5db62f8fcabf004fdcfbbde62f791839a8be0314604d814c4.exe

Resource

win7-20230220-en

evasion ransomware upx

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

36a4311ef332b0b5db62f8fcabf004fdcfbbde62f791839a8be0314604d814c4.exe

Resource

win10v2004-20230220-en

snatch evasion ransomware upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  36a4311ef332b0b5db62f8fcabf004fdcfbbde62f791839a8be0314604d814c4
- Size
  
  4.2MB
- MD5
  
  32de66a467db22cf0f5b65d1a9f4e19c
- SHA1
  
  cdb5c200cba7da3f6e80e868ef7df380ac1259c2
- SHA256
  
  36a4311ef332b0b5db62f8fcabf004fdcfbbde62f791839a8be0314604d814c4
- SHA512
  
  af200cc334c05e5fe0df1d4c76b5ce469d034c0d62288d207b6bb6562579e07dc4510e4bfc4b726cf1a9f82ae8cb69c4630e981f23d05fb85e3be842a34244f1
- SSDEEP
  
  49152:fgZNPqLGVfMmq1d1MRGM8Fvg9fR5HMXF9W9HrAbluBUMNk+cqG2UtBpStPvC/9f+:fgXsMfql+9G9+B+tBpEPvCF
Score

10^/10

evasion ransomware upx snatch
- Detecting the common Go functions and variables names used by Snatch ransomware
- Snatch Ransomware
  Ransomware family generally distributed through RDP bruteforce attacks.
  ransomware snatch
- Modifies boot configuration data using bcdedit
  ransomware evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionransomwareupx

behavioral2

snatchevasionransomwareupx

© 2018-2024

Terms | Privacy