snatch | JaffaCakes118_bfaeb628eb811839395ca7bf5ef866a5

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_bfaeb628eb811839395ca7bf5ef866a5
Size

2.4MB
MD5

bfaeb628eb811839395ca7bf5ef866a5
SHA1

0146e8ec67756f5ec6d349dc6ac6a1633f360341
SHA256

17c184859f0ba6c44db4b486aeb091ad2dae5f6078816a9b03bc71ad78d97d41
SHA512

cc19310cedebb89891bda9e29b85b6196eee6f50897c73e32d1b4f4b3a0c057fee7363e713e3514eac9eeab1e02b441817ea9ce49169d123db46e7c47f83ca1e
SSDEEP

49152:33j638rQukLXGqRYv+RlbImz4vX9f+pRLftA4n5JxJutIp0C+TYfuosy7WVYpVJe:3KJ3RSmzIX9W/LftT5Jx4IpOTYfuosyM

Score

10^/10

upx snatch

Malware Config

Signatures

Detecting the common Go functions and variables names used by Snatch ransomware 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_snatch

Snatch family
snatch

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_bfaeb628eb811839395ca7bf5ef866a5
unpack001/out.upx

Files

JaffaCakes118_bfaeb628eb811839395ca7bf5ef866a5
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 137KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 281B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/32
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 512B - Virtual size: 40B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/65
Size: 469KB - Virtual size: 469KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.3MB

UPX1 Size: 2.4MB - Virtual size: 2.4MB

UPX2 Size: 512B - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 137KB - Virtual size: 444KB

/4 Size: 512B - Virtual size: 281B

/19 Size: 248KB - Virtual size: 247KB

/32 Size: 49KB - Virtual size: 48KB

/46 Size: 512B - Virtual size: 40B

/65 Size: 469KB - Virtual size: 469KB

/78 Size: 251KB - Virtual size: 250KB

/90 Size: 87KB - Virtual size: 86KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 54KB - Virtual size: 53KB

.symtab Size: 208KB - Virtual size: 208KB

UPX0
Size: - Virtual size: 2.3MB

UPX1
Size: 2.4MB - Virtual size: 2.4MB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 137KB - Virtual size: 444KB

/4
Size: 512B - Virtual size: 281B

/19
Size: 248KB - Virtual size: 247KB

/32
Size: 49KB - Virtual size: 48KB

/46
Size: 512B - Virtual size: 40B

/65
Size: 469KB - Virtual size: 469KB

/78
Size: 251KB - Virtual size: 250KB

/90
Size: 87KB - Virtual size: 86KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 54KB - Virtual size: 53KB

.symtab
Size: 208KB - Virtual size: 208KB