General

  • Target

    2024-05-23_a6b1285c88d91f63d99e7fda5acb9b57_ngrbot_snatch

  • Size

    19.8MB

  • Sample

    240523-ecyg4sda52

  • MD5

    a6b1285c88d91f63d99e7fda5acb9b57

  • SHA1

    b08cfef47fec942f1e8968afeb5a92f83a109e73

  • SHA256

    4503e70063f8becb57638e8450a8a14973f0696571b10a287e8ce000b67e2a1d

  • SHA512

    17a0304d9c8e2927ed10e839eab5f07fc3e820b7bfd84c6923336414485ff351cdbbb5785c832719ce538caa174e09ac0eb2ac34618305ece8e0d3d281be2f17

  • SSDEEP

    196608:1VmvWv3wBTIE0DO9TSvdyFClKe0kU05lBJUSUn3cKViIRZFhwj5fZ0u:1kvTv9Tuy1PkUklBPUsKVi6HORZ5

Score
10/10

Malware Config

Targets

    Score
    9/10
    • Detects binaries embedding a considerable number of cryptocurrency wallet browser extension IDs.

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Detects executables containing a Discord URL observed in first-stage droppers.

    • Detects executables containing SQL queries to confidential data stores. Observed in infostealers.

    • Detects executables containing URLs to the raw contents of a GitHub gist.

    • Detects executables containing possible sandbox system UUIDs.

    • Detects executables packed with Themida.

    • Detects executables referencing virtualization MAC addresses.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

MITRE ATT&CK Matrix

Tasks