Static task
static1
Behavioral task
behavioral1
Sample
2024-05-12_d550f0d727dbb48ffe2aa85bd03f4368_snatch.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-05-12_d550f0d727dbb48ffe2aa85bd03f4368_snatch.exe
Resource
win10v2004-20240426-en
General
-
Target
2024-05-12_d550f0d727dbb48ffe2aa85bd03f4368_snatch
-
Size
16.2MB
-
MD5
d550f0d727dbb48ffe2aa85bd03f4368
-
SHA1
0925f1f38464776f413d36abb9cbadd458ec3084
-
SHA256
8442ebe6700b98e4b2ce1e1a4131d1de89845e5a25aba7c4ff3a15b6743132da
-
SHA512
70bb694c87276f2cc4965d8a318d53e5a8746fdc2985dedbc13aabb5fb16f8c296d10a046144faa1ef578c28ca4f4f68c98872cce7a1700bb90145072baf775b
-
SSDEEP
98304:42ynupnnTPU+RxuGG/Rhb5A3VhCoEVFH59qsTvIupui68Nlp1dOlyWmVysV5R:4UnTPU+REi6VF+sT0i68NlIyWmVyw
Malware Config
Signatures
-
Detects Windows executables referencing non-Windows User-Agents 1 IoCs
resource yara_rule sample INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA -
Detects executables containing URLs to raw contents of a Github gist 1 IoCs
resource yara_rule sample INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-05-12_d550f0d727dbb48ffe2aa85bd03f4368_snatch
Files
-
2024-05-12_d550f0d727dbb48ffe2aa85bd03f4368_snatch.exe windows:6 windows x64 arch:x64
07361a3a7f515bf56ca93120b2aca73b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetThreadPriority
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryW
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateWaitableTimerA
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler
AddVectoredContinueHandler
Sections
.text Size: 6.9MB - Virtual size: 6.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7.0MB - Virtual size: 7.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2.0MB - Virtual size: 2.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 191KB - Virtual size: 190KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 512B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.symtab Size: 512B - Virtual size: 4B
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ