General

  • Target

    2024-05-15_5e1f2f4e15c77429a5d031d579498e4e_snatch

  • Size

    8.9MB

  • MD5

    5e1f2f4e15c77429a5d031d579498e4e

  • SHA1

    172b5e9edfa8222d1b9e75d95d5f7840c67e805c

  • SHA256

    deaae2de3a0075e3cca6e06092f3e08ccb555ae8ace7c720c89d5d4429037f21

  • SHA512

    f52d7a5b5d293dae172f1853c0300ce92152d304869dd78b36db8e0b43735b8187eb22f33c3f63facbe2225e27ba7da476c9131d1211a83c1b206b63744f1d35

  • SSDEEP

    98304:uHxMZDJ1TRpxYVX9u2IazANfDhZytTD5iqQ:0xEvYjVzANLhwN

Score
10/10

Malware Config

Signatures

  • Detects Windows executables referencing non-Windows User-Agents 1 IoCs
  • Detects executables Discord URL observed in first stage droppers 1 IoCs
  • Detects executables containing URLs to raw contents of a Github gist 1 IoCs
  • Detects executables containing artifacts associated with disabling Widnows Defender 1 IoCs
  • Detects executables referencing many varying, potentially fake Windows User-Agents 1 IoCs
  • Glupteba family
  • Glupteba payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-05-15_5e1f2f4e15c77429a5d031d579498e4e_snatch
    .exe windows:6 windows x86 arch:x86

    9cbefe68f395e67356e2a5d8d1b285c0


    Headers

    Imports

    Sections