2024-05-09_2a8e4ae4ed8d497e35378e6b9ce18c5f_snatch | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-09_2a8e4ae4ed8d497e35378e6b9ce18c5f_snatch
Size

11.2MB
MD5

2a8e4ae4ed8d497e35378e6b9ce18c5f
SHA1

be923921ad8299339e78114e79b0f351ae53c103
SHA256

07b698a2b0db640e0d2ba6331c28d928c95e06a6b4221b16676bc585ca073e55
SHA512

4f3397c3955c8a950ab6a096052949d315b5163abd6cfbb1f21f0c38151432f16bf155c6a6f0fa5fb72baecf170fe24958fd99350bc240334a066b1890a30a73
SSDEEP

98304:dHCadp5trNX73Vd596RziNXGd2Ndh2EAjxBJqgjrKVvU6BgQSzKuM:dJHrNXx96l8zANrKVvU6BS

Score

10^/10

Malware Config

Signatures

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Detects executables containing URLs to raw contents of a Github gist 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-09_2a8e4ae4ed8d497e35378e6b9ce18c5f_snatch

Files

2024-05-09_2a8e4ae4ed8d497e35378e6b9ce18c5f_snatch
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 903KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ