2024-05-23_5b704be551a613c4c927566821fe606d_ngrbot_snatch

Sharing

Target

2024-05-23_5b704be551a613c4c927566821fe606d_ngrbot_snatch
Size

10.2MB
MD5

5b704be551a613c4c927566821fe606d
SHA1

a70bd419d57457baba3789de650bce39d3de3304
SHA256

f09761275b59450a1c7c1add462efaa7542eccab57cb312ebc4b8cf4c4bb11d9
SHA512

f4c668af47f5d75f8e0e5e9d881f59d038f20d9e243ec3b24f97434d67ae479db3df8528b4e43bad0e44fa1a45f4fdcac7d01d610e67117dabc7adc8ad911a2d
SSDEEP

98304:ONa9BnNMfz3l8Jh9BGkGZrbJhWEatIMSFYN1Wv:bTNMfzXkGZrthTMI01Wv

Score

10^/10

Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs. 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_Binary_Embedded_Crypto_Wallet_Browser_Extension_IDs

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_Binary_References_Browsers

Detects executables Discord URL observed in first stage droppers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_DiscordURL

Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore

Detects executables containing URLs to raw contents of a Github gist 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

Detects executables containing possible sandbox system UUIDs 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SandboxSystemUUIDs

Detects executables referencing virtualization MAC addresses 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_VM_Evasion_MACAddrComb

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-23_5b704be551a613c4c927566821fe606d_ngrbot_snatch