Extracted

• • Target

    cd4b4566460611a2dfa75f755270d5b2f56edff3d50a9ef6be8b3c92728c46a3

  • Size

    2.2MB

  • MD5

    664351f9e645e79cdf17d8bb859ef8e5

  • SHA1

    6f45ee1f3246318d94368de97648245718de795d

  • SHA256

    cd4b4566460611a2dfa75f755270d5b2f56edff3d50a9ef6be8b3c92728c46a3

  • SHA512

    ccd49da2df1fdc3e789000709ce871abe6c90c98842040d818c343d04a165eade662433483e1ea1891c43d099616a29dced57d483cdd35d7642ed30ae66995a1

  • SSDEEP

    49152:kZxdq3f7AohAROoPkMrZVOGeBPEwSX+gyJ7I1Pud1w7pVJ9EluMH3opjhKa70I3Q:kOPhAooPkMnoI+gyJuJ7DJSluMHOjhji

  Score

  10^/10

  snatchransomwareupx

  • Detecting the common Go functions and variables names used by Snatch ransomware

  • Snatch Ransomware

    Ransomware family generally distributed through RDP bruteforce attacks.

    ransomwaresnatch

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Renames multiple (3317) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2

• • Target

    out.upx

  • Size

    3.9MB

  • MD5

    c4d8f9d2ebe997ad21f9d5ad0d8ac31a

  • SHA1

    0f7ac5007b73c608233d482cd8ad24ee3da734dc

  • SHA256

    61033f4e5908e6f85058725d233205c4424814fb12154599cb6927b1968f3c78

  • SHA512

    818284f998c31daf391cb5203bf396d66ae8159e303a0904c26650a61d30ea74225044b4b52f0fb727753e8851246aede5d75b4fbc6223e89e1926b323820796

  • SSDEEP

    49152:gqgTYxi19Sl56EixSSvXl5/Jdmir6V2xL02Ul3Suynuw0zMAl9rurLc3Z:gqgWkQl5jYNQiGVgja3GLc

  Score

  3^/10
  behavioral3behavioral4