General

  • Target

    2024-05-15_9a2436b842c9e0fe510660797d7e9852_snatch

  • Size

    8.9MB

  • MD5

    9a2436b842c9e0fe510660797d7e9852

  • SHA1

    90c2110722ecce1194041e2f3b70895e4f15fb2b

  • SHA256

    dc559216b70cf7b28864b6f75a3ae91191ed54cf3ecd8ef8e84e9ab088eb8561

  • SHA512

    e8f489dd4e04b1cab2b83026e71677e9411b90b0381889722207ecf7a9641dafda5b420e03c92951d89ea03f3b35321a9bd00f403e0f1217259619e4d649e537

  • SSDEEP

    98304:uHxMZDJ1TRpxYVX9u2IazANfkhZytTD5iqQ:0xEvYjVzAN8hwN

Score
10/10

Malware Config

Signatures

  • Detects Windows executables referencing non-Windows User-Agents 1 IoCs
  • Detects executables Discord URL observed in first stage droppers 1 IoCs
  • Detects executables containing URLs to raw contents of a Github gist 1 IoCs
  • Detects executables containing artifacts associated with disabling Widnows Defender 1 IoCs
  • Detects executables referencing many varying, potentially fake Windows User-Agents 1 IoCs
  • Glupteba family
  • Glupteba payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-05-15_9a2436b842c9e0fe510660797d7e9852_snatch
    .exe windows:6 windows x86 arch:x86

    9cbefe68f395e67356e2a5d8d1b285c0


    Headers

    Imports

    Sections