snatch | 6516e04cd2987d6f53e1270d2c313b1aafa6fd7d13d73cf41fde8c19c05b3042 | Triage

Submit
Reports

Overview

overview

Static

static

6516e04cd2...42.exe

windows7-x64

7

6516e04cd2...42.exe

windows10-2004-x64

out.exe

windows7-x64

1

out.exe

windows10-2004-x64

1

Sharing

General

Target

6516e04cd2987d6f53e1270d2c313b1aafa6fd7d13d73cf41fde8c19c05b3042
Size

2.4MB
Sample

240101-pntcmsaggm
MD5

dfb0ba993dbcc53e7c453d59d85372b0
SHA1

a8dfd1c15bebc6252a7d1cecd5783b3d1f5bc2c6
SHA256

6516e04cd2987d6f53e1270d2c313b1aafa6fd7d13d73cf41fde8c19c05b3042
SHA512

75c30c69226af23e81ae3a86e14ad668a93e3c12e8d2bec4978fa1532b1aea1f765091c915240ab517b0c9049d48fc6b631715417a71763268137a5aaf49fa17
SSDEEP

49152:cBreAFa1feMDXhquTYagOLkAdHGo8ZMtQTrlRNulgqjso3OiGoteWrQxBhyYt:SFSlGTOwAdHGoAMtQTBR/qAQOWAWrQ9N

Score

10^/10

snatch ransomware upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

6516e04cd2987d6f53e1270d2c313b1aafa6fd7d13d73cf41fde8c19c05b3042.exe

Resource

win7-20231215-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

6516e04cd2987d6f53e1270d2c313b1aafa6fd7d13d73cf41fde8c19c05b3042.exe

Resource

win10v2004-20231215-en

snatch ransomware upx

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral3

Sample

out.exe

Resource

win7-20231215-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

out.exe

Resource

win10v2004-20231222-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  6516e04cd2987d6f53e1270d2c313b1aafa6fd7d13d73cf41fde8c19c05b3042
- Size
  
  2.4MB
- MD5
  
  dfb0ba993dbcc53e7c453d59d85372b0
- SHA1
  
  a8dfd1c15bebc6252a7d1cecd5783b3d1f5bc2c6
- SHA256
  
  6516e04cd2987d6f53e1270d2c313b1aafa6fd7d13d73cf41fde8c19c05b3042
- SHA512
  
  75c30c69226af23e81ae3a86e14ad668a93e3c12e8d2bec4978fa1532b1aea1f765091c915240ab517b0c9049d48fc6b631715417a71763268137a5aaf49fa17
- SSDEEP
  
  49152:cBreAFa1feMDXhquTYagOLkAdHGo8ZMtQTrlRNulgqjso3OiGoteWrQxBhyYt:SFSlGTOwAdHGoAMtQTBR/qAQOWAWrQ9N
Score

10^/10

upx snatch ransomware
- Detecting the common Go functions and variables names used by Snatch ransomware
- Snatch Ransomware
  Ransomware family generally distributed through RDP bruteforce attacks.
  ransomware snatch
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  out.upx
- Size
  
  4.3MB
- MD5
  
  afa8855270fba877136a0c42a581d86b
- SHA1
  
  b4598628fffbd1f2e96a619268084bd9f82b40b4
- SHA256
  
  147d4f0ad5bfc196e5604eaec8f56260a20eb45d386685b92650922979c383d4
- SHA512
  
  ed41fa7b7f7d8127a1d3329f1e434a7a90eccb92ba690911c48888f4c097886bf8145336cd9b2aeac77431d1baaebc7165d85ed9474a5c46c5cc9f6be1a8377e
- SSDEEP
  
  98304:/0E89jysRBnqKllEb/3cdEBq1qiyZOM4:/0E89msRBnqKvBYv2M4
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

snatchransomwareupx

behavioral3

behavioral4

© 2018-2024

Terms | Privacy