Overview

overview

10

Static

static

10

2024-05-05...ch.exe

windows7-x64

1

2024-05-05...ch.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    2024-05-05_df594b5e36c0bd70bd6427fe9c2c744a_ngrbot_snatch

  • Size

    12.1MB

  • MD5

    df594b5e36c0bd70bd6427fe9c2c744a

  • SHA1

    f3dd3eb2f5efa3a767d161eac62477fbffeebf20

  • SHA256

    6d0d4e80cbc78b88a3a6ac60b37ef2732d49ba59ff86c449f447336d3166338e

  • SHA512

    e5169e48e566e4e9c057153c84e18f191c4166a7d289c11a172228c17bbdfd8f8ad856fe55288534f9ed731b6b26c82686d4275f095bbe7134886991caa06889

  • SSDEEP

    98304:Stz5V/i8KX5MwQU3a7TlPJKuLC5cmEEyT2TLivt/uCo/ShjIQaV42:e/i8KywQe4rsQaV4

Score
10/10

Malware Config

Signatures

  • Detects Windows executables referencing non-Windows User-Agents 1 IoCs
  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs
  • Detects executables Discord URL observed in first stage droppers 1 IoCs
  • Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs
  • Detects executables containing possible sandbox system UUIDs 1 IoCs
  • Detects executables referencing virtualization MAC addresses 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-05-05_df594b5e36c0bd70bd6427fe9c2c744a_ngrbot_snatch
    .exe windows:6 windows x64 arch:x64

    c2d457ad8ac36fc9f18d45bffcd450c2


    Headers

    Imports

    Sections