snatch | 6516e04cd2987d6f53e1270d2c313b1aafa6fd7d13d73cf41fde8c19c05b3042

Sharing

Copy URL

Twitter E-mail

General

Target

6516e04cd2987d6f53e1270d2c313b1aafa6fd7d13d73cf41fde8c19c05b3042
Size

2.4MB
MD5

dfb0ba993dbcc53e7c453d59d85372b0
SHA1

a8dfd1c15bebc6252a7d1cecd5783b3d1f5bc2c6
SHA256

6516e04cd2987d6f53e1270d2c313b1aafa6fd7d13d73cf41fde8c19c05b3042
SHA512

75c30c69226af23e81ae3a86e14ad668a93e3c12e8d2bec4978fa1532b1aea1f765091c915240ab517b0c9049d48fc6b631715417a71763268137a5aaf49fa17
SSDEEP

49152:cBreAFa1feMDXhquTYagOLkAdHGo8ZMtQTrlRNulgqjso3OiGoteWrQxBhyYt:SFSlGTOwAdHGoAMtQTBR/qAQOWAWrQ9N

Score

10^/10

upx snatch

Malware Config

Signatures

Detecting the common Go functions and variables names used by Snatch ransomware 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_snatch

Snatch family
snatch

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
6516e04cd2987d6f53e1270d2c313b1aafa6fd7d13d73cf41fde8c19c05b3042
unpack001/out.upx

Files

6516e04cd2987d6f53e1270d2c313b1aafa6fd7d13d73cf41fde8c19c05b3042
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 137KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 281B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/32
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 512B - Virtual size: 40B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/65
Size: 469KB - Virtual size: 469KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.3MB

UPX1 Size: 2.4MB - Virtual size: 2.4MB

UPX2 Size: 512B - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 137KB - Virtual size: 444KB

/4 Size: 512B - Virtual size: 281B

/19 Size: 248KB - Virtual size: 247KB

/32 Size: 49KB - Virtual size: 48KB

/46 Size: 512B - Virtual size: 40B

/65 Size: 469KB - Virtual size: 469KB

/78 Size: 251KB - Virtual size: 250KB

/90 Size: 87KB - Virtual size: 86KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 54KB - Virtual size: 53KB

.symtab Size: 208KB - Virtual size: 208KB

UPX0
Size: - Virtual size: 2.3MB

UPX1
Size: 2.4MB - Virtual size: 2.4MB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 137KB - Virtual size: 444KB

/4
Size: 512B - Virtual size: 281B

/19
Size: 248KB - Virtual size: 247KB

/32
Size: 49KB - Virtual size: 48KB

/46
Size: 512B - Virtual size: 40B

/65
Size: 469KB - Virtual size: 469KB

/78
Size: 251KB - Virtual size: 250KB

/90
Size: 87KB - Virtual size: 86KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 54KB - Virtual size: 53KB

.symtab
Size: 208KB - Virtual size: 208KB