SOFTWARE
Arp
at
cmd
Dok
FTP
Net
Orz
Reg
RTM
Tor
yty
SOFTWARE
1-9
A-B
Arp
at
C-D
cmd
Dok
E-F
FTP
G-H
I-J
K-L
M-N
Net
O-P
Orz
Q-R
Reg
RTM
S-T
Tor
U-V
W-X
Y-Z
yty
  1. Home
  2. Software
  3. SamSam

SamSam

SamSam is ransomware that appeared in early 2016. Unlike some ransomware, its variants have required operators to manually interact with the malware to execute some of its core components.[1][2][3][4]

ID: S0370
Associated Software: Samas
Type: MALWARE
Platforms: Windows
Version: 1.0

Associated Software Descriptions

Name Description
Samas [1]
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1009 Binary Padding

SamSam has used garbage code to pad some of its malware components.[3]
Enterprise T1486 Data Encrypted for Impact

SamSam encrypts victim files using RSA-2048 encryption and demands a ransom be paid in Bitcoin to decrypt those files.[3]
Enterprise T1107 File Deletion

SamSam has been seen deleting its own files and payloads to make analysis of the attack more difficult.[3]
Enterprise T1027 Obfuscated Files or Information

SamSam has been seen using AES or DES to encrypt payloads and payload components.[3][2]
Enterprise T1064 Scripting

SamSam uses custom batch scripts to execute some of its components.[3]

References

  1. US-CERT. (2018, December 3). Alert (AA18-337A): SamSam Ransomware. Retrieved March 15, 2019.
  2. Ventura, V. (2018, January 22). SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks. Retrieved April 16, 2019.
  1. Palotay, D. and Mackenzie, P. (2018, April). SamSam Ransomware Chooses Its Targets Carefully. Retrieved April 15, 2019.
  2. Symantec Security Response Attack Investigation Team. (2018, October 30). SamSam: Targeted Ransomware Attacks Continue. Retrieved April 16, 2019.