General
-
Target
2024-05-23_a6b1285c88d91f63d99e7fda5acb9b57_ngrbot_snatch
-
Size
19.8MB
-
Sample
240523-ecyg4sda52
-
MD5
a6b1285c88d91f63d99e7fda5acb9b57
-
SHA1
b08cfef47fec942f1e8968afeb5a92f83a109e73
-
SHA256
4503e70063f8becb57638e8450a8a14973f0696571b10a287e8ce000b67e2a1d
-
SHA512
17a0304d9c8e2927ed10e839eab5f07fc3e820b7bfd84c6923336414485ff351cdbbb5785c832719ce538caa174e09ac0eb2ac34618305ece8e0d3d281be2f17
-
SSDEEP
196608:1VmvWv3wBTIE0DO9TSvdyFClKe0kU05lBJUSUn3cKViIRZFhwj5fZ0u:1kvTv9Tuy1PkUklBPUsKVi6HORZ5
Behavioral task
behavioral1
Sample
2024-05-23_a6b1285c88d91f63d99e7fda5acb9b57_ngrbot_snatch.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2024-05-23_a6b1285c88d91f63d99e7fda5acb9b57_ngrbot_snatch.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
2024-05-23_a6b1285c88d91f63d99e7fda5acb9b57_ngrbot_snatch
-
Size
19.8MB
-
MD5
a6b1285c88d91f63d99e7fda5acb9b57
-
SHA1
b08cfef47fec942f1e8968afeb5a92f83a109e73
-
SHA256
4503e70063f8becb57638e8450a8a14973f0696571b10a287e8ce000b67e2a1d
-
SHA512
17a0304d9c8e2927ed10e839eab5f07fc3e820b7bfd84c6923336414485ff351cdbbb5785c832719ce538caa174e09ac0eb2ac34618305ece8e0d3d281be2f17
-
SSDEEP
196608:1VmvWv3wBTIE0DO9TSvdyFClKe0kU05lBJUSUn3cKViIRZFhwj5fZ0u:1kvTv9Tuy1PkUklBPUsKVi6HORZ5
Score9/10-
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables Discord URL observed in first stage droppers
-
Detects executables containing SQL queries to confidential data stores. Observed in infostealers
-
Detects executables containing URLs to raw contents of a Github gist
-
Detects executables containing possible sandbox system UUIDs
-
Detects executables packed with Themida
-
Detects executables referencing virtualization MAC addresses
-