SamSam

SamSam is ransomware that appeared in early 2016. Unlike some ransomware, its variants have required operators to manually interact with the malware to execute some of its core components.[1][2][3][4]

ID: S0370
Associated Software: Samas
Type: MALWARE
Platforms: Windows
Version: 1.0

Associated Software Descriptions

| Name | Description |
|---|---|
| Samas | [1] |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1009 | Binary Padding | SamSam has used garbage code to pad some of its malware components.[3] |
| Enterprise | T1486 | Data Encrypted for Impact | SamSam encrypts victim files using RSA-2048 encryption and demands a ransom be paid in Bitcoin to decrypt those files.[3] |
| Enterprise | T1107 | File Deletion | SamSam has been seen deleting its own files and payloads to make analysis of the attack more difficult.[3] |
| Enterprise | T1027 | Obfuscated Files or Information | SamSam has been seen using AES or DES to encrypt payloads and payload components.[3][2] |
| Enterprise | T1064 | Scripting | SamSam uses custom batch scripts to execute some of its components.[3] |

References