Behavioral task
behavioral1
Sample
2024-05-13_ca6d6669cad42d4821aee59412f8eb2b_snatch.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
2024-05-13_ca6d6669cad42d4821aee59412f8eb2b_snatch.exe
Resource
win10v2004-20240508-en
General
-
Target
2024-05-13_ca6d6669cad42d4821aee59412f8eb2b_snatch
-
Size
5.9MB
-
MD5
ca6d6669cad42d4821aee59412f8eb2b
-
SHA1
e0138e1fe0b101bfd7c703583e950ab7732626cd
-
SHA256
a3382701c923b35b6fadd985020c93b27a6e3b0db8b73ceed7e35ecb1d33e959
-
SHA512
dee34861cb168c73a251b01b56ea0c2c2d7bd9dc1ba9eb1a9478256ef37534c7d0d29958e9256a371e588a283ef25d28dbaab3cfbca9b3230fdf858a5b4647b3
-
SSDEEP
98304:aqpcL8zufkRuAlUjFOrrG6crEPI+xqm95OnE7sQio65ISag1XVlQcrcBvK9l0b2/:ZpcLAwyFlURGTc8Xqmz77sQioaIK1Xr1
Malware Config
Signatures
-
UPX dump on OEP (original entry point) 1 IoCs
resource yara_rule sample UPX -
resource yara_rule sample upx -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource 2024-05-13_ca6d6669cad42d4821aee59412f8eb2b_snatch unpack001/out.upx
Files
-
2024-05-13_ca6d6669cad42d4821aee59412f8eb2b_snatch.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Sections
UPX0 Size: - Virtual size: 13.3MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 5.9MB - Virtual size: 5.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX2 Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Sections
.text Size: 10.6MB - Virtual size: 10.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7.5MB - Virtual size: 7.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 820KB - Virtual size: 820KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 180KB - Virtual size: 180KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.symtab Size: 4KB - Virtual size: 4KB
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ