Overview

overview

10

Static

static

10

2024-05-12...ch.exe

windows7-x64

1

2024-05-12...ch.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    2024-05-12_be87a42ef0ca75115fe1404f339d02b0_ngrbot_snatch

  • Size

    9.5MB

  • MD5

    be87a42ef0ca75115fe1404f339d02b0

  • SHA1

    58bd1282bf6ec37c1bb8e996f3e59dad2e99a5a8

  • SHA256

    e5c60e1f73e08c609f1a11f0cc4d42abbfbede263030e9de8bcccb38d539bf1b

  • SHA512

    182791cebfc3d973f165ac2f2c583e9aa55cf6a58b3c4c3fbff15df15ccf2fe574f8637df5271956ebe849e6c16f5b97c04705c6a0b85c34a5bbe88f477251a8

  • SSDEEP

    98304:1ELyY2Y2QCV6aDb3M0jSuxZKEplnSF8S4jC:S32Y2fd/M0jSMZXpl84jC

Score
10/10

Malware Config

Signatures

  • Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs. 1 IoCs
  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs
  • Detects executables Discord URL observed in first stage droppers 1 IoCs
  • Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs
  • Detects executables containing URLs to raw contents of a Github gist 1 IoCs
  • Detects executables containing possible sandbox system UUIDs 1 IoCs
  • Detects executables referencing virtualization MAC addresses 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-05-12_be87a42ef0ca75115fe1404f339d02b0_ngrbot_snatch
    .exe windows:6 windows x64 arch:x64

    c2d457ad8ac36fc9f18d45bffcd450c2


    Headers

    Imports

    Sections