General

Target: 28e82f28d0b9eb6a53d22983e21a9505ada925ebb61382fabebd76b8c4acff7c
Size: 5.4MB
Sample: 230925-sj5fwshd36
MD5: c95c81ca4e6b8153b458d29186e696bc
SHA1: f97f8f78abb205dda329d89143aae34ba04d13df
SHA256: 28e82f28d0b9eb6a53d22983e21a9505ada925ebb61382fabebd76b8c4acff7c
SHA512: b16b34d9865286bad27128bc9cff81ab76c438c891d208015d7f957067a7e5dce228c2cccb9c15fb587f60c30dcda98684b5f7b011ba19793849323a239b2ae5
SSDEEP: 49152:lQg2p4oH77z/vVYyuI2LxaafnQqrfHdYmGD2u24ccQ9B1AzA7NUkZ+no6pzUiFR+:9oRG2kZ+nxxEGBRHYFzupjUqvbdwj
Static task: static1

Behavioral task: behavioral1
Sample: 28e82f28d0b9eb6a53d22983e21a9505ada925ebb61382fabebd76b8c4acff7c.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: 28e82f28d0b9eb6a53d22983e21a9505ada925ebb61382fabebd76b8c4acff7c.exe
Resource: win10v2004-20230915-en
Malware Config

Extracted from: C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\HOW TO RESTORE YOUR FILES.TXT (the ransom note dropped by the sample)
Targets

Target: 28e82f28d0b9eb6a53d22983e21a9505ada925ebb61382fabebd76b8c4acff7c
Score: 10/10

Signatures

- Detects the common Go function and variable names used by Snatch ransomware.
- Snatch Ransomware: a ransomware family generally distributed through RDP brute-force attacks.
- Renames multiple (4055) files with an added filename extension. This suggests ransomware activity: encrypting all the files on the system.
- Renames multiple (7791) files with an added filename extension. This suggests ransomware activity: encrypting all the files on the system.
- Drops startup file.
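The "Renames multiple (N) files with added filename extension" signatures above are a count-based heuristic: a rename is only interesting when the new name is the old name plus one extra extension, and the verdict comes from how many such renames share the same appended extension. The following is an added example of that heuristic, not the sandbox's own signature code and not taken from the report. The tab-separated event format (RENAME old new / CREATE path), the `.locked` extension and the event lines are all constructed for illustration; the ransom-note filename is the one from the extracted-config path above, and the threshold is an assumed parameter (the sandbox counted thousands of renames on this sample, so a real threshold would be far higher than the one used here).

```python
"""Mass-rename ransomware heuristic over file-system events (added example)."""
from collections import Counter
import ntpath

# Ransom-note filename taken from the report's extracted-config path.
RANSOM_NOTE_NAME = "HOW TO RESTORE YOUR FILES.TXT"

# Constructed sample events, not captured from the sample. One event per line:
#   RENAME<TAB>old-path<TAB>new-path
#   CREATE<TAB>path
SAMPLE_EVENTS = (
    "RENAME\tC:\\Users\\Bob\\Documents\\budget.xlsx\tC:\\Users\\Bob\\Documents\\budget.xlsx.locked\n"
    "RENAME\tC:\\Users\\Bob\\Documents\\report.docx\tC:\\Users\\Bob\\Documents\\report.docx.locked\n"
    "RENAME\tC:\\Users\\Bob\\Pictures\\holiday.jpg\tC:\\Users\\Bob\\Pictures\\holiday.jpg.locked\n"
    "RENAME\tC:\\Users\\Bob\\Desktop\\notes.txt\tC:\\Users\\Bob\\Desktop\\notes.txt.locked\n"
    "RENAME\tC:\\Users\\Bob\\Downloads\\setup.tmp\tC:\\Users\\Bob\\Downloads\\setup.exe\n"   # benign: extension replaced
    "RENAME\tC:\\Users\\Bob\\Documents\\draft.docx\tC:\\Users\\Bob\\Documents\\final.docx\n"  # benign: ordinary rename
    "CREATE\tC:\\Users\\Bob\\Documents\\HOW TO RESTORE YOUR FILES.TXT\n"
    "CREATE\tC:\\Users\\Bob\\Pictures\\HOW TO RESTORE YOUR FILES.TXT\n"
    "CREATE\tC:\\Users\\Bob\\Downloads\\setup.log\n"
)


def parse_events(text):
    """Parse the assumed tab-separated event format into (kind, a, b) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        if parts[0] == "RENAME" and len(parts) == 3:
            events.append(("RENAME", parts[1], parts[2]))
        elif parts[0] == "CREATE" and len(parts) == 2:
            events.append(("CREATE", parts[1], None))
        else:
            raise ValueError(f"malformed event line: {line!r}")
    return events


def appended_extension(old, new):
    """Return the extension appended to `old` to form `new`, or None.

    Matches only a pure suffix append: `new` == `old` + "." + <ext> where <ext>
    is non-empty and contains no dot or path separator. An extension swap
    (setup.tmp -> setup.exe) or a normal rename (draft.docx -> final.docx)
    returns None, so it is not counted.
    """
    if not new.startswith(old + "."):
        return None
    ext = new[len(old) + 1:]
    if not ext or any(c in ext for c in ".\\/"):
        return None
    return ext.lower()


def mass_rename_extensions(events, threshold):
    """Map appended extension -> rename count, keeping only those >= threshold."""
    counts = Counter()
    for kind, a, b in events:
        if kind == "RENAME":
            ext = appended_extension(a, b)
            if ext:
                counts[ext] += 1
    return {ext: n for ext, n in counts.items() if n >= threshold}


def ransom_note_dirs(events, note_name=RANSOM_NOTE_NAME):
    """Sorted list of directories in which a file named like the ransom note was created."""
    dirs = set()
    for kind, path, _ in events:
        if kind == "CREATE" and ntpath.basename(path).upper() == note_name.upper():
            dirs.add(ntpath.dirname(path))
    return sorted(dirs)


def assess(text, threshold=3):
    """Combine both signals into a verdict. `threshold` is an assumed tunable."""
    events = parse_events(text)
    renames = mass_rename_extensions(events, threshold)
    notes = ransom_note_dirs(events)
    return {
        "mass_rename": renames,
        "ransom_note_dirs": notes,
        # Either one dominant appended extension, or the same note dropped in
        # at least two directories, is treated as ransomware-like.
        "ransomware_like": bool(renames) or len(notes) >= 2,
    }


if __name__ == "__main__":
    print(assess(SAMPLE_EVENTS))
```

The suffix check is what separates encryption-style renames from everyday activity: installers and editors replace extensions, whereas file encryptors append one, which is why the report's signature is worded "added filename extension". Counting per appended extension rather than overall also keeps a single dominant extension visible even when the victim's own tooling is renaming other files at the same time.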