- First seen: Summer 2018
- Aliases:
- Samples:
- cae18f8f1bbcb61f1c49d10fed1df13042aa11ddb28f4b986e17091d96467107 | windows | ransom | pe
- 28125dae3ab7b11bd6b0cbf318fd85ec51e75bca5be7efb997d5b950094cd184 | windows | ransom | pe
- 63c2c1ad4286dbad927358f62a449d6e1f9b1aa6436c92a2f6031e9554bed940 | windows | ransom | pe
| Property | Value |
|---|---|
| Size | 2603008 bytes |
| CRC32 | 0xdcdc4fa9 |
| MD5 | be427b6e7bdd1700376fc5ba92528494 |
| SHA1 | 5090ce9dbd5e237d271885155aa874b7730bf093 |
| SHA256 | cae18f8f1bbcb61f1c49d10fed1df13042aa11ddb28f4b986e17091d96467107 |
| SHA512 | b298acac7198b0ef439785337d82b40ca679b3e5b7a680d1fdebad887bc58291a2c871f1b093458527e36509bc7aa074a6b27e4142dffce3999ea831e8e42e00 |
| Ssdeep | 49152:2sL/RrZALGqmIHhd7CiCjDB1P5H1Kk7hqxzv2cwu4TQ9B5sUo6bozglN4XmNp2M:fLLuGqzHh8J1hHwchkzvN08ds/CNl+X |
| Magic | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
| Packer | PE+(64): packer: UPX(3.95)[NRV,brute] PE+(64): linker: unknown(3.0)[EXE64] |
| TrID | 86.3% (.EXE) UPX compressed Win64 Executable (70117/5/12) 6.2% (.EXE) Win16 NE executable (generic) (5038/12/1) 2.4% (.EXE) OS/2 Executable (generic) (2029/13) 2.4% (.EXE) Generic Win/DOS Executable (2002/3) 2.4% (.EXE) DOS Executable Generic (2000/1) |
+ Avast: clean
+ Avira: clean
- Bitdefender: Gen:Variant.Ransom.GoRansom.2
+ Clamav: clean
- Comodo: Malware
+ Drweb: clean
- Eset: WinGo/Filecoder.A
- Fsecure: Heuristic.HEUR/AGEN.1211756
- Kaspersky: HEUR:Trojan-Ransom.Win32.Gen.vho
+ Mcafee: clean
- Sophos: Troj/GoRnsm-D
+ Symantec: clean
+ Trendmicro: clean
- Windefender: Ransom:Win64/Snatch.A!MTB| Property | Value |
|---|---|
| Size | 3808768 bytes |
| CRC32 | 0xd62b6aac |
| MD5 | 8a6ba8c536b5986d7e8a477f35555d37 |
| SHA1 | a255d57f3ab5e0716d4a73ab4ab97783ec20e4f2 |
| SHA256 | 28125dae3ab7b11bd6b0cbf318fd85ec51e75bca5be7efb997d5b950094cd184 |
| SHA512 | dd2dfccba9d553ab664b73974cb60dc4716bb34e21a21d7486977a882975ef36a79d1741aa6254599248ee3daf47b699f107ffc219d73c6efa456fc91b996041 |
| Ssdeep | 49152:mLJWugd1WAXxSXOjcX7g9x4IVVfUyQuZFBLTpQ7+R0:C0jjcXstUWB3pQ7+6 |
| Magic | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows |
| Packer | PE+(64): linker: unknown(3.0)[EXE64,console] |
| TrID | 48.6% (.EXE) Win64 Executable (generic) (10523/12/4) 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 9.3% (.EXE) OS/2 Executable (generic) (2029/13) 9.2% (.EXE) Generic Win/DOS Executable (2002/3) 9.2% (.EXE) DOS Executable Generic (2000/1) |
- Avast: Win64:Trojan-gen
- Avira: TR/FileCoder.gjdfh
- Bitdefender: Trojan.Ransom.Snatch.A
+ Clamav: clean
+ Comodo: clean
+ Drweb: clean
- Eset: Win64/Filecoder.AA
- Fsecure: Trojan.TR/FileCoder.gjdfh
- Kaspersky: Trojan.Win64.Agent.qwhxdn
- Mcafee: Ransom-Snatch
- Sophos: Troj/Ransom-FTC
- Symantec: Ransom.Snatch
- Trendmicro: Ransom.Win64.SNATCH.AB
- Windefender: Trojan:Win32/CryptInject!MSR| Property | Value |
|---|---|
| Size | 4807680 bytes |
| CRC32 | 0x62be874d |
| MD5 | 26e46fc3dff7635d2f538545e8fe5209 |
| SHA1 | edda359ef29f0a2c93353ea0d3cb5af995d72a05 |
| SHA256 | 63c2c1ad4286dbad927358f62a449d6e1f9b1aa6436c92a2f6031e9554bed940 |
| SHA512 | 985c3d179fd21d4dd0ef88b9b2fbebd4972ff2e8b8b035a003757d585ea18a4593a35059107d9d545e55809828dd969322db18b7702ddff675d68d3089baed03 |
| Ssdeep | 98304:aHCEZY+nX012v0vfQXYF4GkxxOqbISnCABxz8OaIXiReLRx:ABYOk12zakx1FCA/zZyReV |
| Magic | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
| Packer | PE+(64): packer: UPX(3.95)[NRV,brute] PE+(64): linker: unknown(3.0)[EXE64] |
| TrID | 86.3% (.EXE) UPX compressed Win64 Executable (70117/5/12) 6.2% (.EXE) Win16 NE executable (generic) (5038/12/1) 2.4% (.EXE) OS/2 Executable (generic) (2029/13) 2.4% (.EXE) Generic Win/DOS Executable (2002/3) 2.4% (.EXE) DOS Executable Generic (2000/1) |
+ Avast: clean
- Avira: TR/Ransom.Snatch.B
- Bitdefender: Trojan.Ransom.Snatch.A
+ Clamav: clean
+ Comodo: clean
+ Drweb: clean
- Eset: Generik.NGDTZMP
- Fsecure: Trojan.TR/Ransom.Snatch.B
- Kaspersky: Trojan-Ransom.Win64.Snatch.b
- Mcafee: Ransom-Snatch
+ Sophos: clean
- Symantec: Ransom.Snatch
- Trendmicro: Ransom.Win64.SNATCH.AB
- Windefender: Trojan:Win32/CryptInject!MSR