Snatch Ransomware – Malware Analysis Case Study

Overview.

During last month LIFARS DFIR Team encountered various variants of Snatch Ransomware. This ransomware is known for its capability to reboot affected devices into Safe Mode, where most of the services and security tools are disabled. Then, in this weakened state, it encrypts user data.
Snatch Ransomware Malware Analysis Case-Study

We found multiple variants, either 32-bit and 64-bit binaries written in Go and packed with UPX packer. These Go binaries also contain obfuscated strings, so for accelerating the analysis we developed the IDA Python script for IDA Pro Disassembler, which can be used to automate strings extraction and deobfuscation.

The Snatch ransomware is operated by Snatch Team, which prepares unique samples tailored to their victims – the attackers can recognize these samples and appropriate decryption keys either by Victim name or by extension of encrypted files.

 

Download “Snatch Ransomware – Malware Analysis Case Study” to learn more

Related Resources

Article Case Study cyber cybersecurity networks paper pen testing Penetration Testing report security wifi

Wi-Fi Network Penetration Testing with a Synopsis of Ontology to Enhance the Security

Most use the internet to send messages or documents (data) from point (A) to point (B). This is mainly done...

Case Study cyber cybersecurity LockBit ransomware Whitepaper

A Detailed Analysis of the LockBit Ransomware

LockBit 2.0 ransomware is one of the most active families in the wild and pretends to implement the fastest encryption...

Case Study cybersecurity Grief Ransomware Whitepaper

A Deep Dive into The Grief Ransomware’s Capabilities

Grief ransomware is the successor of the DoppelPaymer ransomware, which emerged from the BitPaymer ransomware. Grief is deployed in an...