General

  • Target

    2024-05-12_54cdcbef9065668b75b2a2b8e72ac3cc_ngrbot_snatch

  • Size

    9.5MB

  • MD5

    54cdcbef9065668b75b2a2b8e72ac3cc

  • SHA1

    912c98eb436b1e21e9e1a84f6252273eb76577fb

  • SHA256

    9fc4454099317d7154d8c703c128850f9c0f3536e831619313224b2e7947bc28

  • SHA512

    1fabe68c1121830bb8693ff83adbbd770df3d1a61a41c2412329dec8d73ce9ddc4bef3033c2630575bcc6fd7cfbba4a64af9dd82eefbb6b601d0c9759c8ce81b

  • SSDEEP

    98304:m/lSsz0v691HcrORvs0SSK2g8Rw3EplwSF8S1jC:9e0v6vKes0SSvgSplz1jC

Score
10/10

Malware Config

Signatures

  • Detects binaries embedding a considerable number of cryptocurrency wallet browser extension IDs. 1 IoC
  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoC
  • Detects executables containing a Discord URL observed in first-stage droppers. 1 IoC
  • Detects executables containing SQL queries to confidential data stores. Observed in infostealers. 1 IoC
  • Detects executables containing URLs to the raw contents of a GitHub gist. 1 IoC
  • Detects executables containing possible sandbox system UUIDs. 1 IoC
  • Detects executables referencing virtualization MAC addresses. 1 IoC
  • Unsigned PE 1 IoC

    Checks for missing Authenticode signature.
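The "Unsigned PE" signature is a structural check on the PE Certificate Table, and most of the other hits in the list are string matches. As an added example (this is not the sandbox's own rule set, which the page does not reproduce), the script below does both on a PE image: it reads data directory entry 4 to decide whether any Authenticode blob is attached, then extracts ASCII and UTF-16LE strings and matches them against rules of the kinds listed above. The hypervisor MAC prefixes, the Discord/gist URL and browser-SQL patterns, the constructed sample strings and the `build_pe` helper are all assumptions for illustration; nothing here is taken from the real sample.

```python
import re
import struct

# Hypervisor OUI prefixes (VMware, VirtualBox, Hyper-V). The report flags
# "virtualization MAC addresses" without listing them; this set is assumed.
VM_MAC_PREFIXES = ("00:0c:29", "00:50:56", "00:05:69", "08:00:27", "00:15:5d")

# Stand-ins for the URL- and SQL-based rules; the sandbox's real patterns are
# not on the page, so these regexes are assumptions.
RULES = {
    "discord_url": re.compile(r"https://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/\d+/[\w-]+"),
    "github_gist_raw": re.compile(r"https://gist\.githubusercontent\.com/[\w-]+/[0-9a-f]+/raw\b"),
    "browser_sql": re.compile(r"SELECT\s.+?\sFROM\s+(?:logins|cookies|credit_cards|autofill)\b", re.I),
}

ASCII_RE = re.compile(rb"[\x20-\x7e]{6,}")           # printable ASCII runs
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")    # printable UTF-16LE runs


def extract_strings(blob: bytes):
    """Printable ASCII and UTF-16LE runs, roughly what `strings -a -e l` gives."""
    out = [m.group().decode("ascii") for m in ASCII_RE.finditer(blob)]
    out += [m.group().decode("utf-16le") for m in WIDE_RE.finditer(blob)]
    return out


def security_directory(pe: bytes):
    """(offset, size) of the Certificate Table (data directory index 4).
    Unlike the other directories its first field is a file offset, not an RVA.
    A zero entry means no Authenticode signature is attached at all."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: bad PE signature")
    opt = e_lfanew + 4 + 20                        # skip signature and COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)   # PE32 vs PE32+ optional header
    return struct.unpack_from("<II", pe, dirs + 4 * 8)


def is_unsigned(pe: bytes) -> bool:
    off, size = security_directory(pe)
    return off == 0 or size == 0


def scan(pe: bytes) -> dict:
    """Apply the rules above; returns {rule_name: [matching strings]} for hits only."""
    strings = extract_strings(pe)
    hits = {name: [s for s in strings if rx.search(s)] for name, rx in RULES.items()}
    hits["vm_mac"] = [s for s in strings
                      if any(p in s.lower().replace("-", ":") for p in VM_MAC_PREFIXES)]
    hits["unsigned_pe"] = ["no certificate table"] if is_unsigned(pe) else []
    return {k: v for k, v in hits.items() if v}


def build_pe(payload: bytes, signed: bool = False) -> bytes:
    """Constructed, non-loadable PE32+ image for testing: DOS header with e_lfanew,
    PE signature, COFF header, optional header with 16 data directories, then
    `payload` standing in for real sections."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 112 + 16 * 8
    # Machine=AMD64, 0 sections, timestamp, symtab, nsyms, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, opt_size, 0x22)
    opt = struct.pack("<H", 0x20B).ljust(112, b"\0")   # PE32+ magic, rest zeroed
    dirs = [(0, 0)] * 16
    if signed:
        # Certificate Table: file offset and size of a (here absent) WIN_CERTIFICATE blob
        dirs[4] = (e_lfanew + 4 + 20 + opt_size + len(payload), 0x200)
    opt += b"".join(struct.pack("<II", off, size) for off, size in dirs)
    return dos + b"PE\0\0" + coff + opt + payload


# Constructed strings imitating what a stealer embeds (not from the real sample).
SAMPLE_STRINGS = [
    b"https://discord.com/api/webhooks/123456789012345678/AbCdEfGh-IjKl_MnOp",
    b"https://gist.githubusercontent.com/someuser/0123456789abcdef0123456789abcdef/raw/",
    b"SELECT origin_url, username_value, password_value FROM logins",
    b"00:0C:29:1A:2B:3C",
    "08-00-27-AA-BB-CC".encode("utf-16le"),
    b"kernel32.dll",
]
SAMPLE_PE = build_pe(b"\0\0".join(SAMPLE_STRINGS), signed=False)   # double NUL keeps runs apart
BENIGN_PE = build_pe(b"kernel32.dll\0GetProcAddress\0", signed=True)

if __name__ == "__main__":
    for name, pe in (("sample", SAMPLE_PE), ("benign", BENIGN_PE)):
        print(name)
        for rule, matches in scan(pe).items():
            print(f"  {rule}: {matches}")
```

Note the limits of the check: a non-zero Certificate Table only proves that some WIN_CERTIFICATE blob is attached, which is the same thing the "Unsigned PE" rule tests from the other side. Whether that blob carries a valid, trusted, untampered Authenticode signature requires parsing the PKCS#7 structure and re-hashing the image with the directory and checksum fields excluded; an attacker can append garbage to the table and still pass a presence-only test.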

Files

  • 2024-05-12_54cdcbef9065668b75b2a2b8e72ac3cc_ngrbot_snatch
    .exe windows:6 windows x64 arch:x64

    c2d457ad8ac36fc9f18d45bffcd450c2
