General

  • Target

    2024-05-16_591631062ed7aee4748038f576e6a42d_ngrbot_snatch

  • Size

    11.7MB

  • MD5

    591631062ed7aee4748038f576e6a42d

  • SHA1

    0014e71b3898543eb4fb0157260a4f97fbc98e0e

  • SHA256

    787291003bc013e31568b911a299763cfcf477ae6ee1c5a09dfda060057b3222

  • SHA512

    1ae699a6f986562e307d5c449d64aae3936ed8e39cb4db52fbbfcd10a0f282d38faea76d618584cd12c602b24ead04735292f93ac0ccee61b7724f9930ab7bc4

  • SSDEEP

    98304:VUMbk9Y3AsxHla01Yl3P9YMK8S/uQI+EYXPNMWBpCZdBI3hewF5zgaEf3:VRfQsxH0ZVbKr/tI7CPNDRxdMf3

Score
10/10

Malware Config

Signatures

  • Detects binaries embedding a considerable number of cryptocurrency wallet browser extension IDs. 1 IoC
  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoC
  • Detects executables containing a Discord URL observed in first-stage droppers. 1 IoC
  • Detects executables containing SQL queries to confidential data stores. Observed in infostealers. 1 IoC
  • Detects executables containing URLs to the raw contents of a GitHub gist. 1 IoC
  • Detects executables containing possible sandbox system UUIDs. 1 IoC
  • Detects executables referencing virtualization MAC addresses. 1 IoC
  • Unsigned PE. 1 IoC

    Checks for a missing Authenticode signature.
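The signatures above are static checks over the file bytes: a hash set for the report header, a parse of the PE Security data directory for the "Unsigned PE" verdict, and string scans for virtualization MAC prefixes, gist raw URLs, Discord URLs and browser names. The script below is an added example that reimplements those checks in a triage-friendly form; it is not the sandbox's own rule set. The OUI table, URL patterns and browser list are this example's own approximations of what such rules look for, and the sample "PE" it scans is a constructed stub (a PE32+ header with no real sections) so it runs offline. ssdeep is not in the standard library, so only the cryptographic hashes are computed.

```python
import hashlib
import json
import re
import struct
import sys

# Well-known virtualization OUIs (example's own table, not the sandbox's rule).
VM_MAC_PREFIXES = {
    "00:05:69": "VMware", "00:0C:29": "VMware", "00:1C:14": "VMware", "00:50:56": "VMware",
    "08:00:27": "VirtualBox", "00:15:5D": "Hyper-V", "52:54:00": "QEMU/KVM",
}
BROWSER_NAMES = [b"Chrome", b"Chromium", b"Firefox", b"Edge", b"Opera", b"Brave", b"Vivaldi", b"Yandex"]
# NUL is excluded explicitly: \s does not cover it, and strings in binaries are NUL-terminated.
GIST_RAW_RE = re.compile(rb"https?://gist\.githubusercontent\.com/[^\s\x00\"'<>]+")
DISCORD_RE = re.compile(
    rb"https?://(?:cdn\.discordapp\.com/attachments/|(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/)"
    rb"[^\s\x00\"'<>]*")
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")  # runs of printable UTF-16LE ASCII


def hash_bytes(data: bytes) -> dict:
    """Hashes shown in the report's General section (ssdeep omitted; not in stdlib)."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def has_authenticode(data: bytes) -> bool:
    """True if the PE's Security data directory (index 4) points at a WIN_CERTIFICATE blob."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE: missing MZ")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE: missing PE signature")
    opt = e_lfanew + 4 + 20                       # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                            # PE32: NumberOfRvaAndSizes at 92, directories at 96
        nrva_off, dd_off = 92, 96
    elif magic == 0x20B:                          # PE32+: at 108 / 112
        nrva_off, dd_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if struct.unpack_from("<I", data, opt + nrva_off)[0] <= 4:
        return False                              # directory table too short to hold the entry
    # For the Security directory the first field is a raw file offset, not an RVA.
    offset, size = struct.unpack_from("<II", data, opt + dd_off + 4 * 8)
    return offset != 0 and size != 0


def wide_strings(data: bytes) -> bytes:
    """Fold UTF-16LE string runs into newline-separated ASCII so the byte regexes see them."""
    return b"\n".join(m.decode("utf-16-le").encode() for m in WIDE_RE.findall(data))


def find_indicators(data: bytes) -> dict:
    vm, gists, discord, browsers = set(), set(), set(), set()
    for view in (data, wide_strings(data)):      # raw ASCII strings and decoded wide strings
        upper = view.upper()
        for prefix, vendor in VM_MAC_PREFIXES.items():
            if prefix.encode() in upper or prefix.replace(":", "-").encode() in upper:
                vm.add(vendor)
        gists.update(m.decode("latin-1") for m in GIST_RAW_RE.findall(view))
        discord.update(m.decode("latin-1") for m in DISCORD_RE.findall(view))
        browsers.update(b.decode() for b in BROWSER_NAMES if b in view)
    return {"vm_mac_vendors": sorted(vm), "gist_raw_urls": sorted(gists),
            "discord_urls": sorted(discord), "browsers": sorted(browsers)}


def analyze(data: bytes) -> dict:
    result = hash_bytes(data)
    result["signed"] = has_authenticode(data)
    result.update(find_indicators(data))
    return result


def build_minimal_pe(signed: bool, payload: bytes) -> bytes:
    """Constructed sample: just enough PE32+ header for has_authenticode(), then payload bytes."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)  # x64, 1 section, 240-byte opt hdr
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                          # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)                           # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 112 + 4 * 8, 0x400, 0x100)    # fake Security directory entry
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + payload


# Constructed payload: a wide-string MAC prefix, a gist raw URL, a webhook and five browser names.
SAMPLE_PAYLOAD = (b"\x00" * 16
                  + "00:0C:29".encode("utf-16-le") + b"\x00\x00"
                  + b"https://gist.githubusercontent.com/user/0123/raw/config.txt\x00"
                  + b"https://discord.com/api/webhooks/111/token\x00"
                  + b"Chrome\x00Firefox\x00Brave\x00Opera\x00Edge\x00")

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe(False, SAMPLE_PAYLOAD)
    print(json.dumps(analyze(blob), indent=2))
```

Run it with a file path to triage a real sample, or with no arguments to scan the constructed stub. The `signed` flag only reports whether a certificate blob is present; it does not validate the chain, which is all the "Unsigned PE" signature claims as well.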

Files

  • 2024-05-16_591631062ed7aee4748038f576e6a42d_ngrbot_snatch
    .exe windows:6 windows x64 arch:x64

    c2d457ad8ac36fc9f18d45bffcd450c2
