Overview

overview

10

Static

static

10

2024-05-11...ch.exe

windows7-x64

1

2024-05-11...ch.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    2024-05-11_97910039db264e4641c49a4bcb813b8d_ngrbot_snatch

  • Size

    14.2MB

  • MD5

    97910039db264e4641c49a4bcb813b8d

  • SHA1

    74e03a5bc784c2a5c4c17a6dacb3996a4f04b68f

  • SHA256

    39a0451d3c987ee0ff19db6e3b144cba2667c07884fd7c194ba1889df008140c

  • SHA512

    a8024c9af0d34b5dd995bd9a002a4191c79cabb8942e6e7f864378866bffe178f3603d89d3e4b0d9c09d6ebbd6879123c3b54f06be7b34b4a5f1238407774e21

  • SSDEEP

    196608:GUmgKsX0PrXwDjFD4fedVZ41z0uCrdExayT8:GJgfnjeO1uCrdExam

Score
10/10

Malware Config

Signatures

  • Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs. 1 IoCs
  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs
  • Detects executables Discord URL observed in first stage droppers 1 IoCs
  • Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs
  • Detects executables containing URLs to raw contents of a Github gist 1 IoCs
  • Detects executables containing possible sandbox system UUIDs 1 IoCs
  • Detects executables referencing virtualization MAC addresses 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-05-11_97910039db264e4641c49a4bcb813b8d_ngrbot_snatch
    .exe windows:6 windows x64 arch:x64

    c2d457ad8ac36fc9f18d45bffcd450c2


    Headers

    Imports

    Sections