Overview

overview

10

Static

static

10

2024-05-10...ch.exe

windows7-x64

1

2024-05-10...ch.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-05-10_847edd6fcd34fb9bf8f9769f6d817f0a_ngrbot_snatch

  • Size

    9.5MB

  • MD5

    847edd6fcd34fb9bf8f9769f6d817f0a

  • SHA1

    a0250b8d997dfffdde67dcd2f0288c6244dd4058

  • SHA256

    7dc101bd2fe1b7507df06911a2cf0cfdd5cf7e6d53c53c4856e0f64f37959274

  • SHA512

    1085d65e681c80488f6944d926ad6214847f15140248ffcf1a8ac244ef6b0164ad30e76d38a9c17c307a74600120df89392888e42db4ef0d454000fd932d2b35

  • SSDEEP

    98304:W8DFzCuAVVOZoaJMRyZyJiYJLj4MpETeRKpAYEtc:NhCuAVVpGCYMqTeR6cc

Score
10/10

Malware Config

Signatures

  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs
  • Detects executables Discord URL observed in first stage droppers 1 IoCs
  • Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs
  • Detects executables containing possible sandbox system UUIDs 1 IoCs
  • Detects executables referencing virtualization MAC addresses 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-05-10_847edd6fcd34fb9bf8f9769f6d817f0a_ngrbot_snatch
    .exe windows:6 windows x64 arch:x64

    c2d457ad8ac36fc9f18d45bffcd450c2


    Headers

    Imports

    Sections