SamSam

SamSam is ransomware that appeared in early 2016. Unlike some ransomware, its variants have required operators to manually interact with the malware to execute some of its core components.[1][2][3][4]

ID: S0370
Associated Software: Samas
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 15 April 2019
Last Modified: 11 April 2024

Associated Software Descriptions

| Name | Description |
|---|---|
| Samas | [1] |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | SamSam uses custom batch scripts to execute some of its components.[3] |
| Enterprise | T1486 | Data Encrypted for Impact | SamSam encrypts victim files using RSA-2048 encryption and demands a ransom be paid in Bitcoin to decrypt those files.[3] |
| Enterprise | T1027.001 | Obfuscated Files or Information: Binary Padding | SamSam has used garbage code to pad some of its malware components.[3] |
| Enterprise | T1027.013 | Obfuscated Files or Information: Encrypted/Encoded File | SamSam has been seen using AES or DES to encrypt payloads and payload components.[3][2] |
| Enterprise | T1070.004 | Indicator Removal: File Deletion | SamSam has been seen deleting its own files and payloads to make analysis of the attack more difficult.[3] |

References