SamSam

SamSam is ransomware that appeared in early 2016. Unlike some ransomware, its variants have required operators to manually interact with the malware to execute some of its core components.[1][2][3][4]

ID: S0370
Associated Software: Samas

Type: MALWARE
Platforms: Windows

Version: 1.0

Associated Software Descriptions

| Name | Description |
|---|---|
| Samas | [1] |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1009 | Binary Padding | SamSam has used garbage code to pad some of its malware components.[3] |
| Enterprise | T1486 | Data Encrypted for Impact | SamSam encrypts victim files using RSA-2048 encryption and demands a ransom be paid in Bitcoin to decrypt those files.[3] |
| Enterprise | T1107 | File Deletion | SamSam has been seen deleting its own files and payloads to make analysis of the attack more difficult.[3] |
| Enterprise | T1027 | Obfuscated Files or Information | SamSam has been seen using AES or DES to encrypt payloads and payload components.[3][2] |
| Enterprise | T1064 | Scripting | SamSam uses custom batch scripts to execute some of its components.[3] |

References