Overview

overview

10

Static

static

10

2024-05-13...ch.exe

windows7-x64

2024-05-13...ch.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    2024-05-13_b31f63789c263646f34323ee05d7cc06_ngrbot_snatch

  • Size

    10.0MB

  • MD5

    b31f63789c263646f34323ee05d7cc06

  • SHA1

    2550655d5eda148b2d456eb18e366f0a80c94eaf

  • SHA256

    3fb88aa0c1be88f93f9f58010691ffc002b65dc41b8b75bc0d8a6b34b55bd653

  • SHA512

    476a60fed0082c7711e870d047fa0cc3590e987914ff143fb87aa7a0621316e19bb9c06bc541e67d1bc78033ac12fa8627cf0e7ee477bbd8028cce35a4040f64

  • SSDEEP

    98304:opZt7fWmgKpdhClPX0Pr95wmEjrUFcND46VEJ:GUmgKsX0PrXwDjFD4n

Score
10/10

Malware Config

Signatures

  • Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs. 1 IoCs
  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs
  • Detects executables Discord URL observed in first stage droppers 1 IoCs
  • Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs
  • Detects executables containing URLs to raw contents of a Github gist 1 IoCs
  • Detects executables containing possible sandbox system UUIDs 1 IoCs
  • Detects executables referencing virtualization MAC addresses 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-05-13_b31f63789c263646f34323ee05d7cc06_ngrbot_snatch
    .exe windows:6 windows x64 arch:x64


    Headers

    Sections