Overview

overview

10

Static

static

3

5950b4e275...cd.exe

windows7-x64

10

5950b4e275...cd.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5950b4e27554585123d7fca44e83169375c6001201e3bf26e57d079437e70bcd

  • Size

    5.4MB

  • Sample

    230925-scy1jaga2v

  • MD5

    3d29e9cdd2a9d76e57e8a3f9e6ed3643

  • SHA1

    5ad94f5303aed57a9d4f0055f15076454840064a

  • SHA256

    5950b4e27554585123d7fca44e83169375c6001201e3bf26e57d079437e70bcd

  • SHA512

    942bbbdbaf823329d65dd5ae58a2ec6098b5b35203523aae2c4bf47875730f346e0511a38983dfa8d9673752a546a5bfb4690a145d17a7d2b03f6fe8c659403f

  • SSDEEP

    98304:R4Hf6JMfWTMVWWqoMVBk+B4D79mXPepfDgsC8yVP2SuxHf846FAP01B7ZVzO:R4HFtqrVm+B4D7k94LHf8FAKc

Score
10/10
snatchransomwarespywarestealer

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\HOW TO RESTORE YOUR FILES.TXT

Ransom Note
We inform you that your network has undergone a penetration test, during which we encrypted your files and downloaded more than 250 GB of your and your customers data, including: Marketing data Accounting Confidentional documents Personal data Copy of some mailboxes Databases backups Important! Do not try to decrypt the files yourself or using third-party utilities. The only program that can decrypt them is our decryptor, which you can request from the contacts below. Any other program will only damage files in such a way that it will be impossible to restore them. You can get all the necessary evidence, discuss with us possible solutions to this problem and request a decryptor by using the contacts below. Please be advised that if we don't receive a response from you within 3 days, we reserve the right to publish files to the public. Contact me: [email protected] or [email protected] Additional ways to communicate in tox chat tox id: A2DCDE8AAC5AB15F552621CF24A44A708EDFD0C89E22AE77087FA1E2F4FA057ABDD292BA6259 =========================================================== Customer service TOX ID: 0FF26770BFAEAD95194506E6970CC1C395B04159038D785DE316F05CE6DE67324C6038727A58 Only emergency! Use if support is not responding

Targets

    • Target

      5950b4e27554585123d7fca44e83169375c6001201e3bf26e57d079437e70bcd

    • Size

      5.4MB

    • MD5

      3d29e9cdd2a9d76e57e8a3f9e6ed3643

    • SHA1

      5ad94f5303aed57a9d4f0055f15076454840064a

    • SHA256

      5950b4e27554585123d7fca44e83169375c6001201e3bf26e57d079437e70bcd

    • SHA512

      942bbbdbaf823329d65dd5ae58a2ec6098b5b35203523aae2c4bf47875730f346e0511a38983dfa8d9673752a546a5bfb4690a145d17a7d2b03f6fe8c659403f

    • SSDEEP

      98304:R4Hf6JMfWTMVWWqoMVBk+B4D79mXPepfDgsC8yVP2SuxHf846FAP01B7ZVzO:R4HFtqrVm+B4D7k94LHf8FAKc

    Score
    10/10
    snatchransomwarespywarestealer

    • Detecting the common Go functions and variables names used by Snatch ransomware

    • Snatch Ransomware

      Ransomware family generally distributed through RDP bruteforce attacks.

      ransomwaresnatch

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Renames multiple (7781) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Renames multiple (7987) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks