General

  • Target

    42e978a513d1bce5d9b837029a3f280220d7cabb7be556c6ee2a9e8113fd0c92

  • Size

    4.6MB

  • Sample

    240101-pjt4daafgr

  • MD5

    30803c7dd34a425b0e5a62a782576148

  • SHA1

    41a65c6a96ad29fe2a33cae37938fa927ba202e7

  • SHA256

    42e978a513d1bce5d9b837029a3f280220d7cabb7be556c6ee2a9e8113fd0c92

  • SHA512

    ad5d6f994501fcf0a38d015f4aa83e06fbb9c09f667e333fbc78c4a9b5c5341b77ea975a57f35b0d861b379cff6410578ad51221668dec2aa4926d22770b9e9c

  • SSDEEP

    49152:i9b8Scr3fzHowpVjg7eB4z17/nhzk/E5Xgg2Ju9omuMgcs4Ty5hPLZPwDBQH2/5x:i1uPzHowIE4Fhzk/0jQ9DtcQypMJ

Score
10/10

Malware Config

Extracted

Path

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\HOW TO RESTORE YOUR FILES.TXT

Ransom Note
Hello! All your files are encrypted, write to me if you want to return your files - I can do it very quickly! Contact me by email: [email protected] or [email protected] The subject line must contain an encryption extension or the name of your company! Do not rename encrypted files, you may lose them forever. You may be a victim of fraud. Free decryption as a guarantee. Send us up to 3 files for free decryption. The total file size should be no more than 1 MB! (not in the archive), and the files should not contain valuable information. (databases, backups, large Excel spreadsheets, etc.) !!! Do not turn off or restart the NAS equipment. This will lead to data loss !!! To contact us, we recommend that you create an email address at protonmail.com or tutanota.com Because gmail and other public email programs can block our messages!

Targets

    • Target

      42e978a513d1bce5d9b837029a3f280220d7cabb7be556c6ee2a9e8113fd0c92

    Score
    10/10
    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.
