General

  • Target

    2024-05-11_c387d1fe36510eff81d4d7f166cd3f5f_ngrbot_snatch

  • Size

    9.5MB

  • MD5

    c387d1fe36510eff81d4d7f166cd3f5f

  • SHA1

    77518282311a78cb1f7ac62d6c9d20ed83067492

  • SHA256

    ce146306b2d3d51abeb610472960b10ce7a639d4a98e0475f7b822a3f8c569a4

  • SHA512

    c1a0246259ddc1885cb402293f4ca39ad245c5597e8c2b498c50a31613bb5e559e7ababe3d2739b69eafa1405c3eba9f2e08fb7f83446d28790fbbbf0255f2d4

  • SSDEEP

    98304:vPl0HwAviJi98u0FSd0CLwpONssCEEYSF8pJju:eQAvi8L1d0CLyONEsJju

Score
10/10

Malware Config

Signatures

  • Detects binaries embedding a considerable number of cryptocurrency wallet browser extension IDs (1 IoC)
  • Detects binaries (Windows and macOS) referencing many web browsers; observed in information stealers (1 IoC)
  • Detects executables containing a Discord URL observed in first-stage droppers (1 IoC)
  • Detects executables containing SQL queries to confidential data stores; observed in infostealers (1 IoC)
  • Detects executables containing URLs to the raw contents of a GitHub gist (1 IoC)
  • Detects executables containing possible sandbox system UUIDs (1 IoC)
  • Detects executables referencing virtualization MAC addresses (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for a missing Authenticode signature.

Files

  • 2024-05-11_c387d1fe36510eff81d4d7f166cd3f5f_ngrbot_snatch
    .exe windows:6 windows x64 arch:x64

    c2d457ad8ac36fc9f18d45bffcd450c2
