eda8f90c8bb1636f8fbad4387b2f1a6a730c764e8374053e2d65b690eb111610 | Triage

Submit
Reports

Overview

overview

Static

static

2024-05-10...ch.exe

windows7-x64

1

2024-05-10...ch.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-10_0251f66d59f1ec0ab7a4768e1203e2cc_snatch
Size

9.9MB
Sample

240510-t8talaae43
MD5

0251f66d59f1ec0ab7a4768e1203e2cc
SHA1

0113541789068deb2ee0cce2fa5eafb1430487f6
SHA256

eda8f90c8bb1636f8fbad4387b2f1a6a730c764e8374053e2d65b690eb111610
SHA512

497ff5367d68ba3c78edb1dd1b361db413142e6831d8b73b5f3eaf72f1ec347f894681e9e127ea294dab23343f38dfab4c99a0c8f3cb50d0a4224dcc006527bf
SSDEEP

98304:s/uYb/g1tUWXQT/u/ch3EE9uDTo+ARZVFf7+Aa4:se1shtEo+ARZVFf7La4

Score

10^/10

discovery evasion persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2024-05-10_0251f66d59f1ec0ab7a4768e1203e2cc_snatch.exe

Resource

win7-20231129-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-05-10_0251f66d59f1ec0ab7a4768e1203e2cc_snatch.exe

Resource

win10v2004-20240508-en

discovery evasion persistence trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-05-10_0251f66d59f1ec0ab7a4768e1203e2cc_snatch
- Size
  
  9.9MB
- MD5
  
  0251f66d59f1ec0ab7a4768e1203e2cc
- SHA1
  
  0113541789068deb2ee0cce2fa5eafb1430487f6
- SHA256
  
  eda8f90c8bb1636f8fbad4387b2f1a6a730c764e8374053e2d65b690eb111610
- SHA512
  
  497ff5367d68ba3c78edb1dd1b361db413142e6831d8b73b5f3eaf72f1ec347f894681e9e127ea294dab23343f38dfab4c99a0c8f3cb50d0a4224dcc006527bf
- SSDEEP
  
  98304:s/uYb/g1tUWXQT/u/ch3EE9uDTo+ARZVFf7+Aa4:se1shtEo+ARZVFf7La4
Score

8^/10

discovery evasion persistence trojan
- Downloads MZ/PE file
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasionpersistencetrojan

© 2018-2025

Terms | Privacy