c75aafdf8e8b92543f3e36dc82ee05f31a24e6b1d256aa98a8b6bef1aabfaadc | Triage

Submit
Reports

Overview

overview

8

Static

static

3

2024-04-27...ch.exe

windows7-x64

1

2024-04-27...ch.exe

windows10-2004-x64

8

Sharing

General

Target

2024-04-27_cbb6e97c7dfd3e4d5e5c8d2b39b44c2a_snatch
Size

8.6MB
Sample

240427-2mrhwaae5v
MD5

cbb6e97c7dfd3e4d5e5c8d2b39b44c2a
SHA1

d0524ce699b24aefb90fa29e6399df0324b3cbdc
SHA256

c75aafdf8e8b92543f3e36dc82ee05f31a24e6b1d256aa98a8b6bef1aabfaadc
SHA512

2a93864b080fc951e48e565a476f4a40abbc3b8e9ef4500dd2fe1275f5c1b82e74707fff8ff005d0de48a8e81e6965470d52e9fe27266cd10221bbe2e47d5af9
SSDEEP

49152:z4ryGF2IjQhgIz4eWzJyz+Xgcij4YcpB1KAwd5H2WT055XlBpYRzIh286Rj6KX5g:08/WzeNYBkAwOEigI0Erev7g/0n2ee5

Score

8^/10

discovery evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-04-27_cbb6e97c7dfd3e4d5e5c8d2b39b44c2a_snatch.exe

Resource

win7-20240215-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-04-27_cbb6e97c7dfd3e4d5e5c8d2b39b44c2a_snatch.exe

Resource

win10v2004-20240426-en

discovery evasion persistence trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-04-27_cbb6e97c7dfd3e4d5e5c8d2b39b44c2a_snatch
- Size
  
  8.6MB
- MD5
  
  cbb6e97c7dfd3e4d5e5c8d2b39b44c2a
- SHA1
  
  d0524ce699b24aefb90fa29e6399df0324b3cbdc
- SHA256
  
  c75aafdf8e8b92543f3e36dc82ee05f31a24e6b1d256aa98a8b6bef1aabfaadc
- SHA512
  
  2a93864b080fc951e48e565a476f4a40abbc3b8e9ef4500dd2fe1275f5c1b82e74707fff8ff005d0de48a8e81e6965470d52e9fe27266cd10221bbe2e47d5af9
- SSDEEP
  
  49152:z4ryGF2IjQhgIz4eWzJyz+Xgcij4YcpB1KAwd5H2WT055XlBpYRzIh286Rj6KX5g:08/WzeNYBkAwOEigI0Erev7g/0n2ee5
Score

8^/10

discovery evasion persistence trojan
- Downloads MZ/PE file
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

discoveryevasionpersistencetrojan

© 2018-2024

Terms | Privacy