SamSam
SamSam is ransomware that appeared in early 2016. Unlike some ransomware, its variants have required operators to manually interact with the malware to execute some of its core components.[1][2][3][4]
ID: S0370
Associated Software: Samas
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 15 April 2019
Last Modified: 18 April 2019
Associated Software Descriptions
Name | Description |
---|---|
Samas | |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | SamSam uses custom batch scripts to execute some of its components.[3] |
Enterprise | T1486 | Data Encrypted for Impact | SamSam encrypts victim files using RSA-2048 encryption and demands a ransom be paid in Bitcoin to decrypt those files.[3] |
Enterprise | T1070.004 | Indicator Removal on Host: File Deletion | SamSam has been seen deleting its own files and payloads to make analysis of the attack more difficult.[3] |
Enterprise | T1027 | Obfuscated Files or Information | SamSam has been seen using AES or DES to encrypt payloads and payload components.[3][2] |
Enterprise | T1027.001 | Binary Padding | SamSam has used garbage code to pad some of its malware components.[3] |