
Rewterz Threat Alert – SNAKE Ransomware – Active IOCs

Severity

High

Analysis Summary

Snake first emerged in late November 2020, and since then malicious actors have been distributing it through phishing attacks. Snake ransomware is written in Golang, an open-source programming language that supports several operating systems. It deletes the computer’s Shadow Volume Copies and terminates processes linked to SCADA systems, virtual machines, industrial control systems, remote management tools, network management applications, and other programs. This ransomware has been attacking the operations and files of industrial control systems. During encryption, Snake skips all Windows and other system directories on the machine. Compared with other ransomware, its encryption procedure is slower.

Impact

  • File encryption

Indicators of Compromise

Filename

  • OutChecker[.]exe

MD5

  • 718c8fb33180b404ea0def3ef7414162

SHA-256

  • bc876ccd33cea3df7e6238056419eead55e24b8bcfc72f56b00ada6d4ca3afe4

SHA-1

  • f969e171c44dde1959fb3a611760d81559386962

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
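
One way to carry out the IOC search on a host or a mounted disk image, as an added example that is not part of the original alert: it refangs the filename, computes all three digests in a single pass per file, and reports which indicator matched. The function names and the command-line usage are assumptions of this sketch.

```python
import hashlib
import os


def refang(indicator):
    """Turn a defanged indicator such as 'name[.]exe' back into its real form."""
    return indicator.replace("[.]", ".")


# IOCs copied from this alert; filenames are compared case-insensitively.
IOC_FILENAMES = {refang("OutChecker[.]exe").lower()}
IOC_HASHES = {
    "md5": {"718c8fb33180b404ea0def3ef7414162"},
    "sha1": {"f969e171c44dde1959fb3a611760d81559386962"},
    "sha256": {"bc876ccd33cea3df7e6238056419eead55e24b8bcfc72f56b00ada6d4ca3afe4"},
}


def file_digests(path, algorithms, chunk_size=1 << 20):
    """Compute several digests in one streaming pass over the file."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def sweep(root, filenames=IOC_FILENAMES, hashes=IOC_HASHES):
    """Walk root and return (path, reason) tuples for every IOC match."""
    hits = []
    for directory, _subdirs, files in os.walk(root):
        for name in files:
            path = os.path.join(directory, name)
            if name.lower() in filenames:
                hits.append((path, "filename"))
            try:
                digests = file_digests(path, hashes)
            except OSError:
                continue  # locked or unreadable file: skip it, keep sweeping
            for algorithm, value in digests.items():
                if value in hashes[algorithm]:
                    hits.append((path, algorithm))
    return hits


if __name__ == "__main__":
    import sys
    for path, reason in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}\t{path}")
```

A hash hit identifies the exact sample listed above; a filename-only hit is a lead to triage, since the name alone can belong to an unrelated file.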