Extracted

• • Target

    f7f85240efa2ebe980a83df6c3d834699703ba1c3c5f38ec58687aba219a0c03

  • Size

    2.4MB

  • MD5

    18ad51c411e955400dfda2e1ec290d25

  • SHA1

    f5a896e93f0c068441bbf2d76fd44571a61869b8

  • SHA256

    f7f85240efa2ebe980a83df6c3d834699703ba1c3c5f38ec58687aba219a0c03

  • SHA512

    6a5315f66dec6f8a790c2aa39f656170fcd4c6507f0364cc949c97af41439b4fb1d6f4f131e513b00c06ac6a17906b9cbced8db1c57fe800ed0955b10d928a9f

  • SSDEEP

    49152:j5t2anwKeCP+0NevGW/9WVttBfZir9TXpbyGu9LgBg6cuquAbyJKfHYAMHz5kURY:72anw5CP+eeR1MtPZiZTXp+Gu9Lr6cu8

  Score

  10^/10

  ransomwareupxsnatch

  • Detecting the common Go functions and variables names used by Snatch ransomware

  • Snatch Ransomware

    Ransomware family generally distributed through RDP bruteforce attacks.

    ransomwaresnatch

  • Renames multiple (77) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2

• • Target

    out.upx

  • Size

    4.3MB

  • MD5

    d2dbbdbbd8882cca722d0d1cc76b9701

  • SHA1

    977d8ef32c7b9992617e2f5b5943ea9bda089c6f

  • SHA256

    4fe0c409ecf96c5662fa385ed01dd84ceeceabc3781f11e70855db5328e2033a

  • SHA512

    c39d09e6d873921ab99174dfdf6b1a3d83db2d70a2a5757d4fca2815f4329c16b4e9989a5e3b767d0048b6a222e3bfdce236c5234ec1f7723424ec2c94cc424c

  • SSDEEP

    98304:1WktIWOfqMdgFpXEbQ9tdzeI1svziyZOM4:1WktI/fqMdgFlX0vz2M4

  Score

  1^/10
  behavioral3behavioral4