General

  • Target

    2024-05-15_f0b3e74b88db217dac71ee9bccc776b8_snatch

  • Size

    8.9MB

  • MD5

    f0b3e74b88db217dac71ee9bccc776b8

  • SHA1

    8fd83bffda981f2cfbdd3a1bbad2cc8ffe66db82

  • SHA256

    4b1e1783aaef582753ddb0483c9257be341543308972e53d304e85d36a0a7015

  • SHA512

    6bd1c7ed0eddb6d81498898598312311b6e334a37450fa3f367b5b9f5634f466b2ffc8bd16e5d3aa172b1e07a9a2574ebad2f1b13d4edd40ea69325911d79e52

  • SSDEEP

    98304:uHxMZDJ1TRpxYVX9u2IazANf7hZytTD5iq7:0xEvYjVzANThwN

Score
10/10

Malware Config

Signatures

  • Detects Windows executables referencing non-Windows User-Agents 1 IoCs
  • Detects executables Discord URL observed in first stage droppers 1 IoCs
  • Detects executables containing URLs to raw contents of a Github gist 1 IoCs
  • Detects executables containing artifacts associated with disabling Widnows Defender 1 IoCs
  • Detects executables referencing many varying, potentially fake Windows User-Agents 1 IoCs
  • Glupteba family
  • Glupteba payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-05-15_f0b3e74b88db217dac71ee9bccc776b8_snatch
    .exe windows:6 windows x86 arch:x86

    9cbefe68f395e67356e2a5d8d1b285c0


    Headers

    Imports

    Sections