1. Home
  2. Software
  3. SamSam

SamSam

SamSam is ransomware that appeared in early 2016. Unlike some ransomware, its variants have required operators to manually interact with the malware to execute some of its core components.[1][2][3][4]

ID: S0370
Associated Software: Samas
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 15 April 2019
Last Modified: 18 April 2019
Version Permalink

Associated Software Descriptions

Name Description
Samas

[1]
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1059 .003 Command and Scripting Interpreter: Windows Command Shell

SamSam uses custom batch scripts to execute some of its components.[3]
Enterprise T1486 Data Encrypted for Impact

SamSam encrypts victim files using RSA-2048 encryption and demands a ransom be paid in Bitcoin to decrypt those files.[3]
Enterprise T1070 .004 Indicator Removal on Host: File Deletion

SamSam has been seen deleting its own files and payloads to make analysis of the attack more difficult.[3]
Enterprise T1027 Obfuscated Files or Information

SamSam has been seen using AES or DES to encrypt payloads and payload components.[3][2]
.001 Binary Padding

SamSam has used garbage code to pad some of its malware components.[3]

References

  1. US-CERT. (2018, December 3). Alert (AA18-337A): SamSam Ransomware. Retrieved March 15, 2019.
  2. Ventura, V. (2018, January 22). SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks. Retrieved April 16, 2019.
  1. Palotay, D. and Mackenzie, P. (2018, April). SamSam Ransomware Chooses Its Targets Carefully. Retrieved April 15, 2019.
  2. Symantec Security Response Attack Investigation Team. (2018, October 30). SamSam: Targeted Ransomware Attacks Continue. Retrieved April 16, 2019.